Vulnerabilites related to netapp - hci_compute_node
cve-2022-30594
Vulnerability from cvelistv5
Published
2022-05-12 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:56:13.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276", }, { tags: [ "x_transferred", ], url: "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { name: "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", }, { name: "DSA-5173", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5173", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220707-0001/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-03T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2", }, { url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276", }, { url: "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { name: "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", }, { name: "DSA-5173", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5173", }, { url: "https://security.netapp.com/advisory/ntap-20220707-0001/", }, { url: "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-30594", datePublished: "2022-05-12T00:00:00", dateReserved: "2022-05-12T00:00:00", dateUpdated: "2024-08-03T06:56:13.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45061
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:01:31.434Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/python/cpython/issues/98433", }, { name: "FEDORA-2022-45d2cfdfa4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { name: "FEDORA-2022-3e859b6bc6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { name: "FEDORA-2022-e1ce71ff40", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { name: "FEDORA-2022-fdb2739feb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, { name: "FEDORA-2022-6f4e6120d7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { name: "FEDORA-2022-e6d0495206", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { name: "FEDORA-2022-6d51289820", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { name: "FEDORA-2022-50deb53896", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { name: "FEDORA-2022-93c6916349", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { name: "FEDORA-2022-18b234c18b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { name: "FEDORA-2022-de755fd092", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { name: "FEDORA-2022-fd3771db30", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { name: "FEDORA-2022-6b8b96f883", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { name: "FEDORA-2022-3d7e44dbd5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { name: "FEDORA-2022-b2f06fbb62", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { name: "FEDORA-2022-6ba889e0e3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { name: "FEDORA-2022-dbb811d203", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { name: "FEDORA-2022-e699dd5247", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { name: "FEDORA-2022-fbf6a320fe", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { name: "FEDORA-2022-bcf089dd07", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { name: "FEDORA-2023-a990c93ed0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { name: "FEDORA-2023-78b4ce2f23", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { name: "FEDORA-2023-af5206f71d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { name: "FEDORA-2023-943556a733", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { name: "FEDORA-2023-097dd40685", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { name: "FEDORA-2023-f1381c83af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { name: "GLSA-202305-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-02", }, { name: "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { name: "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { name: "FEDORA-2023-129178fd27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { name: "FEDORA-2023-c43a940a93", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { name: "FEDORA-2023-5460cf6dfb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-15T21:07:33.878146", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/python/cpython/issues/98433", }, { name: "FEDORA-2022-45d2cfdfa4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { name: "FEDORA-2022-3e859b6bc6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { name: "FEDORA-2022-e1ce71ff40", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { name: "FEDORA-2022-fdb2739feb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, { name: "FEDORA-2022-6f4e6120d7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { name: "FEDORA-2022-e6d0495206", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { name: "FEDORA-2022-6d51289820", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { name: "FEDORA-2022-50deb53896", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { name: "FEDORA-2022-93c6916349", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { name: "FEDORA-2022-18b234c18b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { name: "FEDORA-2022-de755fd092", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { name: "FEDORA-2022-fd3771db30", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { name: "FEDORA-2022-6b8b96f883", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { name: "FEDORA-2022-3d7e44dbd5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { name: "FEDORA-2022-b2f06fbb62", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { name: "FEDORA-2022-6ba889e0e3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { name: "FEDORA-2022-dbb811d203", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { name: "FEDORA-2022-e699dd5247", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { name: "FEDORA-2022-fbf6a320fe", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { name: "FEDORA-2022-bcf089dd07", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { name: "FEDORA-2023-a990c93ed0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { name: "FEDORA-2023-78b4ce2f23", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { name: "FEDORA-2023-af5206f71d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { name: "FEDORA-2023-943556a733", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { name: "FEDORA-2023-097dd40685", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { name: "FEDORA-2023-f1381c83af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { name: "GLSA-202305-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { name: "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { name: "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { name: "FEDORA-2023-129178fd27", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { name: "FEDORA-2023-c43a940a93", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { name: "FEDORA-2023-5460cf6dfb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-45061", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-11-09T00:00:00", dateUpdated: "2024-08-03T14:01:31.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13631
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211843", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211850", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211844", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211931", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:08:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211843", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211850", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211844", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211931", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13631", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-0477f8840e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4394-1/", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", refsource: "MISC", url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { name: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", refsource: "MISC", url: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", }, { name: "GLSA-202007-26", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "https://support.apple.com/kb/HT211843", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211843", }, { name: "https://support.apple.com/kb/HT211850", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211850", }, { name: "https://support.apple.com/kb/HT211844", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211844", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://support.apple.com/kb/HT211931", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211931", }, { name: "https://support.apple.com/kb/HT211952", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { name: "https://support.apple.com/kb/HT211935", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13631", datePublished: "2020-05-27T14:42:28", dateReserved: "2020-05-27T00:00:00", dateUpdated: "2024-08-04T12:25:16.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0391
Vulnerability from cvelistv5
Published
2022-02-09 00:00
Modified
2024-08-02 23:25
Severity ?
EPSS score ?
Summary
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:25:40.603Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.python.org/issue43882", }, { name: "FEDORA-2022-ef99a016f6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", }, { name: "FEDORA-2022-18ad73aba6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220225-0009/", }, { name: "GLSA-202305-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-02", }, { name: "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "python", vendor: "n/a", versions: [ { status: "affected", version: "python 3.10.0b1, python 3.9.5, python 3.8.11, python 3.7.11, python 3.6.14", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-20T21:06:09.930040", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugs.python.org/issue43882", }, { name: "FEDORA-2022-ef99a016f6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", }, { name: "FEDORA-2022-18ad73aba6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20220225-0009/", }, { name: "GLSA-202305-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { name: "[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0391", datePublished: "2022-02-09T00:00:00", dateReserved: "2022-01-27T00:00:00", dateUpdated: "2024-08-02T23:25:40.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38160
Vulnerability from cvelistv5
Published
2021-08-07 03:31
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2021-38160 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:37:16.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2021-38160", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T00:06:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/cve-2021-38160", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { name: "https://access.redhat.com/security/cve/cve-2021-38160", refsource: "MISC", url: "https://access.redhat.com/security/cve/cve-2021-38160", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38160", datePublished: "2021-08-07T03:31:12", dateReserved: "2021-08-07T00:00:00", dateUpdated: "2024-08-04T01:37:16.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4203
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:04.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036934", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814", }, { tags: [ "x_transferred", ], url: "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221111-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "kernel 5.15 rc4", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362->CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036934", }, { url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1", }, { url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814", }, { url: "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20221111-0003/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-4203", datePublished: "2022-03-25T00:00:00", dateReserved: "2022-01-10T00:00:00", dateUpdated: "2024-08-03T17:16:04.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45485
Vulnerability from cvelistv5
Published
2021-12-25 01:05
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 | x_refsource_MISC | |
| https://arxiv.org/pdf/2112.09604.pdf | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220121-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:42:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { tags: [ "x_refsource_MISC", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { name: "https://arxiv.org/pdf/2112.09604.pdf", refsource: "MISC", url: "https://arxiv.org/pdf/2112.09604.pdf", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220121-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45485", datePublished: "2021-12-25T01:05:07", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:39:21.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2048
Vulnerability from cvelistv5
Published
2022-07-07 20:35
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2022/09/09/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:43.964Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { name: "[oss-security] 20220909 Vulnerability in Jenkins", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/09/09/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.0", versionType: "custom", }, { lessThanOrEqual: "9.4.46", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.0", versionType: "custom", }, { lessThanOrEqual: "10.0.9", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.0", versionType: "custom", }, { lessThanOrEqual: "11.0.9", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-410", description: "CWE-410", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-664", description: "CWE-664", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-09T14:06:11", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { name: "[oss-security] 20220909 Vulnerability in Jenkins", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/09/09/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2022-2048", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "9.4.0", }, { version_affected: "<=", version_value: "9.4.46", }, { version_affected: ">=", version_value: "10.0.0", }, { version_affected: "<=", version_value: "10.0.9", }, { version_affected: ">=", version_value: "11.0.0", }, { version_affected: "<=", version_value: "11.0.9", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.", }, ], }, impact: { cvss: { baseScore: 7.5, vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-410", }, ], }, { description: [ { lang: "eng", value: "CWE-664", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, { name: "DSA-5198", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { name: "https://security.netapp.com/advisory/ntap-20220901-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { name: "[oss-security] 20220909 Vulnerability in Jenkins", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/09/09/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2022-2048", datePublished: "2022-07-07T20:35:09", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T00:24:43.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25645
Vulnerability from cvelistv5
Published
2020-10-13 19:52
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1883988 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html | vendor-advisory, x_refsource_SUSE | |
| https://www.debian.org/security/2020/dsa-4774 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20201103-0004/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", }, { name: "openSUSE-SU-2020:1682", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html", }, { name: "openSUSE-SU-2020:1698", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html", }, { name: "DSA-4774", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4774", }, { name: "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201103-0004/", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "Linux kernel versions before 5.9-rc7", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "CWE-319", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-01T18:06:18", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", }, { name: "openSUSE-SU-2020:1682", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html", }, { name: "openSUSE-SU-2020:1698", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html", }, { name: "DSA-4774", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4774", }, { name: "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201103-0004/", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-25645", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_value: "Linux kernel versions before 5.9-rc7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-319", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", }, { name: "openSUSE-SU-2020:1682", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html", }, { name: "openSUSE-SU-2020:1698", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html", }, { name: "DSA-4774", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4774", }, { name: "[debian-lts-announce] 20201028 [SECURITY] [DLA 2417-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html", }, { name: "https://security.netapp.com/advisory/ntap-20201103-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201103-0004/", }, { name: "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { name: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25645", datePublished: "2020-10-13T19:52:35", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.536Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12465
Vulnerability from cvelistv5
Published
2020-04-29 18:52
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2 | x_refsource_MISC | |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:56:52.066Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-08T12:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12465", datePublished: "2020-04-29T18:52:38", dateReserved: "2020-04-29T00:00:00", dateUpdated: "2024-08-04T11:56:52.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27779
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:33
Severity ?
EPSS score ?
Summary
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:33:00.476Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1553301", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.83.1", }, ], }, ], descriptions: [ { lang: "en", value: "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-201", description: "Information Exposure Through Sent Data (CWE-201)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1553301", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27779", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-03T05:33:00.476Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23308
Vulnerability from cvelistv5
Published
2022-02-26 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.420Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2022-050c712ed7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/", }, { name: "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/37", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/36", }, { name: "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/34", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213257", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213256", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213255", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", }, { tags: [ "x_transferred", ], url: "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220331-0008/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213253", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213258", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213254", }, { name: "GLSA-202210-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-16T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2022-050c712ed7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/", }, { name: "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-6 tvOS 15.5", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/37", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "20220516 APPLE-SA-2022-05-16-5 watchOS 8.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/36", }, { name: "20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/34", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://support.apple.com/kb/HT213257", }, { url: "https://support.apple.com/kb/HT213256", }, { url: "https://support.apple.com/kb/HT213255", }, { url: "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", }, { url: "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", }, { url: "https://security.netapp.com/advisory/ntap-20220331-0008/", }, { url: "https://support.apple.com/kb/HT213253", }, { url: "https://support.apple.com/kb/HT213258", }, { url: "https://support.apple.com/kb/HT213254", }, { name: "GLSA-202210-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-03", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-23308", datePublished: "2022-02-26T00:00:00", dateReserved: "2022-01-17T00:00:00", dateUpdated: "2024-08-03T03:36:20.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12653
Vulnerability from cvelistv5
Published
2020-05-05 04:47
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/05/08/2 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4698 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { name: "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/05/08/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-13T08:12:48", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { name: "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/05/08/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", }, { name: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { name: "[oss-security] 20200508 Linux kernel: two buffer overflow in the marvell wifi driver", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/05/08/2", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12653", datePublished: "2020-05-05T04:47:35", dateReserved: "2020-05-05T00:00:00", dateUpdated: "2024-08-04T12:04:22.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19060
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4210-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4226-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4364-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:39.600Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4208-1/", }, { name: "USN-4210-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4210-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4226-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4364-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4364-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T02:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4208-1/", }, { name: "USN-4210-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4210-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4226-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4364-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4364-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19060", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { name: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", }, { name: "USN-4208-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4208-1/", }, { name: "USN-4210-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4210-1/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4226-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4364-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4364-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19060", datePublished: "2019-11-18T05:24:01", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:39.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2047
Vulnerability from cvelistv5
Published
2022-07-07 20:45
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.138Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse Jetty", vendor: "The Eclipse Foundation", versions: [ { lessThan: "unspecified", status: "affected", version: "9.4.0", versionType: "custom", }, { lessThanOrEqual: "9.4.46", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "10.0.0", versionType: "custom", }, { lessThanOrEqual: "10.0.9", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "11.0.0", versionType: "custom", }, { lessThanOrEqual: "11.0.9", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-01T13:06:30", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2022-2047", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse Jetty", version: { version_data: [ { version_affected: ">=", version_value: "9.4.0", }, { version_affected: "<=", version_value: "9.4.46", }, { version_affected: ">=", version_value: "10.0.0", }, { version_affected: "<=", version_value: "10.0.9", }, { version_affected: ">=", version_value: "11.0.0", }, { version_affected: "<=", version_value: "11.0.9", }, ], }, }, ], }, vendor_name: "The Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", }, ], }, impact: { cvss: { vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", refsource: "CONFIRM", url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { name: "DSA-5198", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5198", }, { name: "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { name: "https://security.netapp.com/advisory/ntap-20220901-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2022-2047", datePublished: "2022-07-07T20:45:12", dateReserved: "2022-06-09T00:00:00", dateUpdated: "2024-08-03T00:24:44.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19462
Vulnerability from cvelistv5
Published
2019-11-30 00:57
Modified
2024-08-05 02:16
Severity ?
EPSS score ?
Summary
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:16:47.410Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "USN-4425-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4425-1/", }, { name: "USN-4439-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4439-1/", }, { name: "USN-4440-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4440-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210129-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-29T06:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", }, { tags: [ "x_refsource_MISC", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", }, { tags: [ "x_refsource_MISC", ], url: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", }, { tags: [ "x_refsource_MISC", ], url: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", }, { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, { name: "USN-4425-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4425-1/", }, { name: "USN-4439-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4439-1/", }, { name: "USN-4440-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4440-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210129-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", refsource: "MISC", url: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", }, { name: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", refsource: "MISC", url: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", }, { name: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", refsource: "MISC", url: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", }, { name: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", refsource: "MISC", url: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", }, { name: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja@axtens.net/", refsource: "MISC", url: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja@axtens.net/", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "DSA-4698", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, { name: "USN-4425-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4425-1/", }, { name: "USN-4439-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4439-1/", }, { name: "USN-4440-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4440-1/", }, { name: "https://security.netapp.com/advisory/ntap-20210129-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210129-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19462", datePublished: "2019-11-30T00:57:13", dateReserved: "2019-11-30T00:00:00", dateUpdated: "2024-08-05T02:16:47.410Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29370
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2022 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201218-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.662Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201218-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-18T10:06:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201218-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29370", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", }, { name: "https://security.netapp.com/advisory/ntap-20201218-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201218-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29370", datePublished: "2020-11-28T06:20:02", dateReserved: "2020-11-28T00:00:00", dateUpdated: "2024-08-04T16:48:01.662Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12770
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lkml.org/lkml/2020/4/13/870", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", }, { name: "FEDORA-2020-4c69987c40", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/", }, { name: "FEDORA-2020-c6b9fff7f8", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/", }, { name: "FEDORA-2020-5a69decc0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "USN-4413-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-29T18:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://lkml.org/lkml/2020/4/13/870", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", }, { name: "FEDORA-2020-4c69987c40", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/", }, { name: "FEDORA-2020-c6b9fff7f8", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/", }, { name: "FEDORA-2020-5a69decc0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "USN-4413-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12770", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://lkml.org/lkml/2020/4/13/870", refsource: "CONFIRM", url: "https://lkml.org/lkml/2020/4/13/870", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", }, { name: "FEDORA-2020-4c69987c40", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/", }, { name: "FEDORA-2020-c6b9fff7f8", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/", }, { name: "FEDORA-2020-5a69decc0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "USN-4413-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12770", datePublished: "2020-05-09T20:16:36", dateReserved: "2020-05-09T00:00:00", dateUpdated: "2024-08-04T12:04:22.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8698
Vulnerability from cvelistv5
Published
2020-11-12 18:01
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20201113-0006/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:03:46.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201113-0006/", }, { name: "FEDORA-2020-14fda1bf85", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/", }, { name: "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Intel(R) Processors", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, ], problemTypes: [ { descriptions: [ { description: "information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-11T12:06:29", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201113-0006/", }, { name: "FEDORA-2020-14fda1bf85", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/", }, { name: "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2020-8698", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Intel(R) Processors", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", }, { name: "https://security.netapp.com/advisory/ntap-20201113-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201113-0006/", }, { name: "FEDORA-2020-14fda1bf85", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/", }, { name: "[debian-lts-announce] 20210205 [SECURITY] [DLA 2546-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2020-8698", datePublished: "2020-11-12T18:01:55", dateReserved: "2020-02-06T00:00:00", dateUpdated: "2024-08-04T10:03:46.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29368
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210108-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210108-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-08T11:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210108-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29368", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { name: "https://security.netapp.com/advisory/ntap-20210108-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210108-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29368", datePublished: "2020-11-28T06:20:26", dateReserved: "2020-11-28T00:00:00", dateUpdated: "2024-08-04T16:48:01.651Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21443
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-08-03 02:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-21443", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-24T15:31:25.581438Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-24T15:31:36.356Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T02:38:56.379Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:7u331", }, { status: "affected", version: "Oracle Java SE:8u321", }, { status: "affected", version: "Oracle Java SE:11.0.14", }, { status: "affected", version: "Oracle Java SE:17.0.2", }, { status: "affected", version: "Oracle Java SE:18", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:38.587068", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21443", datePublished: "2022-04-19T20:37:30", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-08-03T02:38:56.379Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17006
Vulnerability from cvelistv5
Published
2020-10-22 20:24
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes | x_refsource_MISC | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210129-0001/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf | x_refsource_CONFIRM | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:24:48.804Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NSS", vendor: "Mozilla", versions: [ { lessThan: "3.46", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "missing length checks for cryptographic primitives", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-12T06:05:28", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@mozilla.org", ID: "CVE-2019-17006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NSS", version: { version_data: [ { version_affected: "<", version_value: "3.46", }, ], }, }, ], }, vendor_name: "Mozilla", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "missing length checks for cryptographic primitives", }, ], }, ], }, references: { reference_data: [ { name: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", refsource: "MISC", url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { name: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", refsource: "MISC", url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { name: "https://security.netapp.com/advisory/ntap-20210129-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", refsource: "MISC", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2019-17006", datePublished: "2020-10-22T20:24:25", dateReserved: "2019-09-30T00:00:00", dateUpdated: "2024-08-05T01:24:48.804Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19044
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4225-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4225-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4225-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-07T05:06:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4225-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4225-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19044", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { name: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4225-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4225-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19044", datePublished: "2019-11-18T05:23:39", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13630
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.317Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sqlite.org/src/info/0d69f76f0865f962", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211843", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211850", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211844", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211931", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:07:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_MISC", ], url: "https://sqlite.org/src/info/0d69f76f0865f962", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211843", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211850", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211844", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211931", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13630", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-0477f8840e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4394-1/", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", refsource: "MISC", url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { name: "https://sqlite.org/src/info/0d69f76f0865f962", refsource: "MISC", url: "https://sqlite.org/src/info/0d69f76f0865f962", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { name: "GLSA-202007-26", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { name: "https://support.apple.com/kb/HT211843", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211843", }, { name: "https://support.apple.com/kb/HT211850", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211850", }, { name: "https://support.apple.com/kb/HT211844", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211844", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://support.apple.com/kb/HT211931", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211931", }, { name: "https://support.apple.com/kb/HT211952", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211952", }, { name: "20201115 APPLE-SA-2020-11-13-4 Additional information for APPLE-SA-2020-09-16-2 tvOS 14.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { name: "20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { name: "20201115 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { name: "https://support.apple.com/kb/HT211935", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT211935", }, { name: "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13630", datePublished: "2020-05-27T14:42:44", dateReserved: "2020-05-27T00:00:00", dateUpdated: "2024-08-04T12:25:16.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21476
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-08-03 02:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220429-0006/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5128 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.debian.org/security/2022/dsa-5131 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:38:56.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:7u331", }, { status: "affected", version: "Oracle Java SE:8u321", }, { status: "affected", version: "Oracle Java SE:11.0.14", }, { status: "affected", version: "Oracle Java SE:17.0.2", }, { status: "affected", version: "Oracle Java SE:18", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-14T11:06:05", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2022-21476", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Oracle Java SE:7u331", }, { version_affected: "=", version_value: "Oracle Java SE:8u321", }, { version_affected: "=", version_value: "Oracle Java SE:11.0.14", }, { version_affected: "=", version_value: "Oracle Java SE:17.0.2", }, { version_affected: "=", version_value: "Oracle Java SE:18", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:20.3.5", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:21.3.1", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, ], }, impact: { cvss: { baseScore: "7.5", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220429-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21476", datePublished: "2022-04-19T20:38:20", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-08-03T02:38:56.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32208
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:55.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1590071", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.84.0", }, ], }, ], descriptions: [ { lang: "en", value: "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "Business Logic Errors (CWE-840)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1590071", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-32208", datePublished: "2022-07-07T00:00:00", dateReserved: "2022-06-01T00:00:00", dateUpdated: "2024-08-03T07:32:55.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14145
Vulnerability from cvelistv5
Published
2020-06-29 17:33
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 | x_refsource_MISC | |
| https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200709-0004/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/12/02/1 | mailing-list, x_refsource_MLIST | |
| https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d | x_refsource_MISC | |
| https://docs.ssh-mitm.at/CVE-2020-14145.html | x_refsource_MISC | |
| https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:39:36.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-35", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-26T13:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { tags: [ "x_refsource_MISC", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { tags: [ "x_refsource_MISC", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-35", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", refsource: "MISC", url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { name: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", refsource: "MISC", url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { name: "https://security.netapp.com/advisory/ntap-20200709-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { name: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", refsource: "MISC", url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { name: "https://docs.ssh-mitm.at/CVE-2020-14145.html", refsource: "MISC", url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { name: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", refsource: "MISC", url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-35", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14145", datePublished: "2020-06-29T17:33:36", dateReserved: "2020-06-15T00:00:00", dateUpdated: "2024-08-04T12:39:36.101Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19050
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4258-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html | x_refsource_MISC | |
| https://usn.ubuntu.com/4284-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4258-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4284-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-02T20:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4258-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4284-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19050", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { name: "FEDORA-2019-021c968423", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4258-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4258-1/", }, { name: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { name: "USN-4284-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4284-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19050", datePublished: "2019-11-18T05:23:47", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22576
Vulnerability from cvelistv5
Published
2022-05-26 00:00
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.83.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:14:55.806Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1526328", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in curl 7.83.0", }, ], }, ], descriptions: [ { lang: "en", value: "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "Improper Authentication - Generic (CWE-287)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1526328", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-22576", datePublished: "2022-05-26T00:00:00", dateReserved: "2022-01-04T00:00:00", dateUpdated: "2024-08-03T03:14:55.806Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35494
Vulnerability from cvelistv5
Published
2021-01-04 14:23
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911439 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.273Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "binutils", vendor: "n/a", versions: [ { status: "affected", version: "binutils 2.34", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-908", description: "CWE-908", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:34", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35494", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "binutils", version: { version_data: [ { version_value: "binutils 2.34", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-908", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", }, { name: "FEDORA-2020-28c78a6ac3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { name: "https://security.netapp.com/advisory/ntap-20210212-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35494", datePublished: "2021-01-04T14:23:23", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.273Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21540
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-08-03 02:46
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:46:39.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5188", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:7u343", }, { status: "affected", version: "Oracle Java SE:8u333", }, { status: "affected", version: "Oracle Java SE:11.0.15.1", }, { status: "affected", version: "Oracle Java SE:17.0.3.1", }, { status: "affected", version: "Oracle Java SE:18.0.1.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-17T15:06:26.613438", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5188", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21540", datePublished: "2022-07-19T00:00:00", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-08-03T02:46:39.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28893
Vulnerability from cvelistv5
Published
2022-04-11 04:15
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
References
| ▼ | URL | Tags |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/04/11/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/04/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/04/11/5 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220526-0002/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2022/dsa-5161 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:56.796Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/4", }, { name: "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/3", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/5", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220526-0002/", }, { name: "DSA-5161", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5161", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-13T10:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/4", }, { name: "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/3", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/5", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220526-0002/", }, { name: "DSA-5161", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5161", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28893", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/11/4", }, { name: "[oss-security] 20220411 CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/11/3", }, { name: "[oss-security] 20220411 Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/11/5", }, { name: "https://security.netapp.com/advisory/ntap-20220526-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220526-0002/", }, { name: "DSA-5161", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5161", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28893", datePublished: "2022-04-11T04:15:06", dateReserved: "2022-04-11T00:00:00", dateUpdated: "2024-08-03T06:10:56.796Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27778
Vulnerability from cvelistv5
Published
2022-06-01 19:03
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1553598 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220609-0009/ | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20220729-0004/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: fixed in 7.83.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1553598", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "fixed in 7.83.1", }, ], }, ], descriptions: [ { lang: "en", value: "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-706", description: "Use of Incorrectly-Resolved Name or Reference (CWE-706)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-29T19:09:59", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1553598", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2022-27778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "fixed in 7.83.1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Use of Incorrectly-Resolved Name or Reference (CWE-706)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1553598", refsource: "MISC", url: "https://hackerone.com/reports/1553598", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220609-0009/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "https://security.netapp.com/advisory/ntap-20220729-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27778", datePublished: "2022-06-01T19:03:32", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-03T05:32:59.845Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29369
Vulnerability from cvelistv5
Published
2020-11-28 06:20
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2056 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210115-0001/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2021/02/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/02/19/8 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.675Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210115-0001/", }, { name: "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/10/6", }, { name: "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-19T21:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210115-0001/", }, { name: "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/10/6", }, { name: "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29369", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", }, { name: "https://security.netapp.com/advisory/ntap-20210115-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210115-0001/", }, { name: "[oss-security] 20210210 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/10/6", }, { name: "[oss-security] 20210219 Re: CVE-2021-20200: Linux kernel: close race between munmap() and expand_upwards()/downwards()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/19/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29369", datePublished: "2020-11-28T06:20:14", dateReserved: "2020-11-28T00:00:00", dateUpdated: "2024-08-04T16:48:01.675Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21449
Vulnerability from cvelistv5
Published
2022-04-19 20:37
Modified
2024-09-24 20:10
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:38:56.511Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[oss-security] 20220428 CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/2", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/3", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/4", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/5", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/6", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/29/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/2", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/4", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/3", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/1", }, { name: "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/2", }, { name: "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/05/02/1", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5131", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-21449", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T13:53:54.479041Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T20:10:30.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:17.0.2", }, { status: "affected", version: "Oracle Java SE:18", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T22:06:07", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[oss-security] 20220428 CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/2", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/3", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/4", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/5", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/6", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/29/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/2", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/4", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/3", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/1", }, { name: "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/2", }, { name: "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/05/02/1", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5131", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2022-21449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Oracle Java SE:17.0.2", }, { version_affected: "=", version_value: "Oracle Java SE:18", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:21.3.1", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "7.5", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "[oss-security] 20220428 CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/2", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/3", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/4", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/5", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/6", }, { name: "[oss-security] 20220428 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/28/7", }, { name: "https://security.netapp.com/advisory/ntap-20220429-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "[oss-security] 20220429 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/29/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/30/1", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/30/2", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/30/4", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/04/30/3", }, { name: "[oss-security] 20220430 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/05/01/1", }, { name: "[oss-security] 20220501 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/05/01/2", }, { name: "[oss-security] 20220502 Re: CVE-2022-21449 and version reporting", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/05/02/1", }, { name: "DSA-5128", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5131", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21449", datePublished: "2022-04-19T20:37:39", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-09-24T20:10:30.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13143
Vulnerability from cvelistv5
Published
2020-05-18 17:50
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.057Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/linux-usb/msg194331.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4413-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4414-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-04T22:50:50", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", }, { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/linux-usb/msg194331.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4413-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4414-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13143", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", }, { name: "https://www.spinics.net/lists/linux-usb/msg194331.html", refsource: "MISC", url: "https://www.spinics.net/lists/linux-usb/msg194331.html", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "openSUSE-SU-2020:0935", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "USN-4413-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4413-1/", }, { name: "USN-4411-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4411-1/", }, { name: "USN-4412-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4412-1/", }, { name: "USN-4419-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4419-1/", }, { name: "USN-4414-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4414-1/", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13143", datePublished: "2020-05-18T17:50:53", dateReserved: "2020-05-18T00:00:00", dateUpdated: "2024-08-04T12:11:19.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-17498
Vulnerability from cvelistv5
Published
2019-10-21 00:00
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:40:15.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", }, { tags: [ "x_transferred", ], url: "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", }, { tags: [ "x_transferred", ], url: "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", }, { name: "FEDORA-2019-91529f19e4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/", }, { name: "openSUSE-SU-2019:2483", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", }, { name: "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", }, { name: "FEDORA-2019-ec04c34768", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/", }, { tags: [ "x_transferred", ], url: "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", }, { name: "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220909-0004/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html", }, { name: "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T13:06:20.499920", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", }, { url: "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", }, { url: "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", }, { name: "FEDORA-2019-91529f19e4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/", }, { name: "openSUSE-SU-2019:2483", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", }, { name: "[debian-lts-announce] 20191113 [SECURITY] [DLA 1991-1] libssh2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", }, { name: "FEDORA-2019-ec04c34768", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/", }, { url: "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", }, { name: "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html", }, { url: "https://security.netapp.com/advisory/ntap-20220909-0004/", }, { url: "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html", }, { name: "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-17498", datePublished: "2019-10-21T00:00:00", dateReserved: "2019-10-11T00:00:00", dateUpdated: "2024-08-05T01:40:15.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22897
Vulnerability from cvelistv5
Published
2021-06-11 15:49
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1172857 | x_refsource_MISC | |
| https://curl.se/docs/CVE-2021-22897.html | x_refsource_MISC | |
| https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0007/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.61.0 through 7.76.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:24.782Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1172857", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2021-22897.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "7.61.0 through 7.76.1", }, ], }, ], descriptions: [ { lang: "en", value: "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "Business Logic Errors (CWE-840)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:53:46", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1172857", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2021-22897.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22897", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "7.61.0 through 7.76.1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Business Logic Errors (CWE-840)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1172857", refsource: "MISC", url: "https://hackerone.com/reports/1172857", }, { name: "https://curl.se/docs/CVE-2021-22897.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2021-22897.html", }, { name: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", refsource: "MISC", url: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20210727-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22897", datePublished: "2021-06-11T15:49:38", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:24.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22876
Vulnerability from cvelistv5
Published
2021-04-01 17:45
Modified
2024-08-03 18:51
Severity ?
EPSS score ?
Summary
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.1.1 to and including 7.75.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:51:07.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1101882", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2021-22876.html", }, { name: "FEDORA-2021-cab5c9befb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", }, { name: "FEDORA-2021-065371f385", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", }, { name: "FEDORA-2021-26a293c72b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", }, { name: "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", }, { name: "GLSA-202105-36", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-36", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210521-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "7.1.1 to and including 7.75.0", }, ], }, ], descriptions: [ { lang: "en", value: "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "Privacy Violation (CWE-359)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:06:57", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1101882", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2021-22876.html", }, { name: "FEDORA-2021-cab5c9befb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", }, { name: "FEDORA-2021-065371f385", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", }, { name: "FEDORA-2021-26a293c72b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", }, { name: "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", }, { name: "GLSA-202105-36", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-36", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210521-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22876", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "7.1.1 to and including 7.75.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privacy Violation (CWE-359)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1101882", refsource: "MISC", url: "https://hackerone.com/reports/1101882", }, { name: "https://curl.se/docs/CVE-2021-22876.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2021-22876.html", }, { name: "FEDORA-2021-cab5c9befb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", }, { name: "FEDORA-2021-065371f385", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", }, { name: "FEDORA-2021-26a293c72b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", }, { name: "[debian-lts-announce] 20210517 [SECURITY] [DLA 2664-1] curl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", }, { name: "GLSA-202105-36", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-36", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210521-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210521-0007/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22876", datePublished: "2021-04-01T17:45:18", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:51:07.627Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27774
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: curl 4.9 to and include curl 7.82.0 are affected |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.946Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1543773", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "curl 4.9 to and include curl 7.82.0 are affected", }, ], }, ], descriptions: [ { lang: "en", value: "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "Insufficiently Protected Credentials (CWE-522)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-28T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1543773", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27774", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-03T05:32:59.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20220621.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { name: "DSA-5169", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { name: "FEDORA-2022-3b7d0abd0b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)", }, ], }, ], credits: [ { lang: "en", value: "Chancen (Qingteng 73lab)", }, ], datePublic: "2022-06-21T00:00:00", descriptions: [ { lang: "en", value: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Command injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T00:00:00", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20220621.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { name: "DSA-5169", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { name: "FEDORA-2022-3b7d0abd0b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, ], title: "The c_rehash script allows command injection", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-2068", datePublished: "2022-06-21T14:45:20.597138Z", dateReserved: "2022-06-13T00:00:00", dateUpdated: "2024-09-16T19:41:46.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12771
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2020:1062", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html", }, { name: "openSUSE-SU-2020:1153", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html", }, { name: "USN-4463-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4463-1/", }, { name: "USN-4465-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4465-1/", }, { name: "USN-4462-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4462-1/", }, { name: "USN-4483-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4483-1/", }, { name: "USN-4485-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4485-1/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lkml.org/lkml/2020/4/26/87", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2020:1062", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html", }, { name: "openSUSE-SU-2020:1153", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html", }, { name: "USN-4463-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4463-1/", }, { name: "USN-4465-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4465-1/", }, { name: "USN-4462-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4462-1/", }, { name: "USN-4483-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4483-1/", }, { name: "USN-4485-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4485-1/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lkml.org/lkml/2020/4/26/87", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12771", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2020:1062", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html", }, { name: "openSUSE-SU-2020:1153", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "[debian-lts-announce] 20200812 [SECURITY] [DLA 2323-1] linux-4.19 new package", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html", }, { name: "USN-4463-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4463-1/", }, { name: "USN-4465-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4465-1/", }, { name: "USN-4462-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4462-1/", }, { name: "USN-4483-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4483-1/", }, { name: "USN-4485-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4485-1/", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "https://lkml.org/lkml/2020/4/26/87", refsource: "CONFIRM", url: "https://lkml.org/lkml/2020/4/26/87", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12771", datePublished: "2020-05-09T20:16:20", dateReserved: "2020-05-09T00:00:00", dateUpdated: "2024-08-04T12:04:22.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25032
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { name: "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { name: "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { name: "DSA-5111", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { name: "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { name: "FEDORA-2022-413a80a102", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { name: "FEDORA-2022-dbd2935e44", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { name: "FEDORA-2022-12b89e2aad", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { name: "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "FEDORA-2022-61cf1c64f6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/issues/605", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213257", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213256", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213255", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { name: "FEDORA-2022-3a92250fd5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { name: "FEDORA-2022-b58a85e167", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { name: "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { name: "GLSA-202210-42", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-42", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { name: "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { name: "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { name: "DSA-5111", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { name: "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { name: "FEDORA-2022-413a80a102", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { name: "FEDORA-2022-dbd2935e44", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { name: "FEDORA-2022-12b89e2aad", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { name: "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "FEDORA-2022-61cf1c64f6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { url: "https://github.com/madler/zlib/issues/605", }, { url: "https://support.apple.com/kb/HT213257", }, { url: "https://support.apple.com/kb/HT213256", }, { url: "https://support.apple.com/kb/HT213255", }, { url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { name: "FEDORA-2022-3a92250fd5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { name: "FEDORA-2022-b58a85e167", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { name: "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { name: "GLSA-202210-42", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-42", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-25032", datePublished: "2022-03-25T00:00:00", dateReserved: "2022-03-25T00:00:00", dateUpdated: "2024-08-05T12:26:39.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26932
Vulnerability from cvelistv5
Published
2021-02-17 00:00
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:41.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-361.html", }, { name: "FEDORA-2021-8d45d297c6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/", }, { name: "FEDORA-2021-7143aca8cb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210326-0001/", }, { name: "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-25T00:39:41.921830", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "http://xenbits.xen.org/xsa/advisory-361.html", }, { name: "FEDORA-2021-8d45d297c6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/", }, { name: "FEDORA-2021-7143aca8cb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { url: "https://security.netapp.com/advisory/ntap-20210326-0001/", }, { name: "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html", }, { url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-26932", datePublished: "2021-02-17T00:00:00", dateReserved: "2021-02-09T00:00:00", dateUpdated: "2024-08-03T20:33:41.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13817
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202007-12 | vendor-advisory, x_refsource_GENTOO | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| http://support.ntp.org/bin/view/Main/NtpBug3596 | x_refsource_MISC | |
| https://bugs.ntp.org/show_bug.cgi?id=3596 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200625-0004/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2020:0934", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html", }, { name: "openSUSE-SU-2020:1007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html", }, { name: "GLSA-202007-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-12", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://support.ntp.org/bin/view/Main/NtpBug3596", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.ntp.org/show_bug.cgi?id=3596", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200625-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-07T14:40:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2020:0934", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html", }, { name: "openSUSE-SU-2020:1007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html", }, { name: "GLSA-202007-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-12", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://support.ntp.org/bin/view/Main/NtpBug3596", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.ntp.org/show_bug.cgi?id=3596", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200625-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13817", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2020:0934", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html", }, { name: "openSUSE-SU-2020:1007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html", }, { name: "GLSA-202007-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-12", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "http://support.ntp.org/bin/view/Main/NtpBug3596", refsource: "MISC", url: "http://support.ntp.org/bin/view/Main/NtpBug3596", }, { name: "https://bugs.ntp.org/show_bug.cgi?id=3596", refsource: "MISC", url: "https://bugs.ntp.org/show_bug.cgi?id=3596", }, { name: "https://security.netapp.com/advisory/ntap-20200625-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200625-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13817", datePublished: "2020-06-04T12:31:55", dateReserved: "2020-06-04T00:00:00", dateUpdated: "2024-08-04T12:25:16.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35495
Vulnerability from cvelistv5
Published
2021-01-04 14:23
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.152Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "binutils", vendor: "n/a", versions: [ { status: "affected", version: "binutils 2.34", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:55", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35495", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "binutils", version: { version_data: [ { version_value: "binutils 2.34", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", }, { name: "FEDORA-2020-28c78a6ac3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { name: "https://security.netapp.com/advisory/ntap-20210212-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35495", datePublished: "2021-01-04T14:23:52", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-1971
Vulnerability from cvelistv5
Published
2020-12-08 15:30
Modified
2024-09-17 02:57
Severity ?
EPSS score ?
Summary
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:54:00.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20201208.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", }, { name: "DSA-4807", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4807", }, { name: "FreeBSD-SA-20:33", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", }, { name: "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", }, { name: "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", }, { name: "FEDORA-2020-ef1870065a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", }, { name: "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E", }, { name: "FEDORA-2020-a31b01e945", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", }, { name: "GLSA-202012-13", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202012-13", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2020-11", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201218-0005/", }, { tags: [ "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", }, { name: "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-10", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2021-09", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)", }, ], }, ], credits: [ { lang: "en", value: "David Benjamin (Google)", }, ], datePublic: "2020-12-08T00:00:00", descriptions: [ { lang: "en", value: "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "NULL pointer dereference", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:11.147749", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20201208.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", }, { name: "DSA-4807", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2020/dsa-4807", }, { name: "FreeBSD-SA-20:33", tags: [ "vendor-advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", }, { name: "[debian-lts-announce] 20201214 [SECURITY] [DLA 2493-1] openssl1.0 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", }, { name: "[debian-lts-announce] 20201214 [SECURITY] [DLA 2492-1] openssl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", }, { name: "FEDORA-2020-ef1870065a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", }, { name: "[pulsar-commits] 20201216 [GitHub] [pulsar] phijohns-tibco opened a new issue #8978: OpenSSL needs to be updated to 1.1.1i current version is unsupported.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E", }, { name: "FEDORA-2020-a31b01e945", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", }, { name: "GLSA-202012-13", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202012-13", }, { url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { url: "https://www.tenable.com/security/tns-2020-11", }, { url: "https://security.netapp.com/advisory/ntap-20201218-0005/", }, { url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", }, { name: "[tomcat-dev] 20210207 [Bug 65126] New: A security vulnerability cve-2020-1971 in Tomcat dependency Library in version 9.0.40.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E", }, { url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { url: "https://www.tenable.com/security/tns-2021-10", }, { url: "https://www.tenable.com/security/tns-2021-09", }, { url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "EDIPARTYNAME NULL pointer dereference", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2020-1971", datePublished: "2020-12-08T15:30:16.835255Z", dateReserved: "2019-12-03T00:00:00", dateUpdated: "2024-09-17T02:57:20.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19061
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4526-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.231Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4526-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-25T17:06:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4526-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19061", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { name: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", }, { name: "USN-4208-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4208-1/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4526-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4526-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19061", datePublished: "2019-11-18T05:24:03", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.231Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4209
Vulnerability from cvelistv5
Published
2022-08-24 15:07
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/gnutls/gnutls/-/issues/1306 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044156 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/CVE-2021-4209 | x_refsource_MISC | |
| https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 | x_refsource_MISC | |
| https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220915-0005/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:04.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/gnutls/gnutls/-/issues/1306", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-4209", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220915-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "GnuTLS", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in gnutls v3.7.3", }, ], }, ], descriptions: [ { lang: "en", value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 - NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-15T17:06:40", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/gnutls/gnutls/-/issues/1306", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2021-4209", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220915-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-4209", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "GnuTLS", version: { version_data: [ { version_value: "Fixed in gnutls v3.7.3", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476 - NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.com/gnutls/gnutls/-/issues/1306", refsource: "MISC", url: "https://gitlab.com/gnutls/gnutls/-/issues/1306", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", }, { name: "https://access.redhat.com/security/cve/CVE-2021-4209", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2021-4209", }, { name: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", refsource: "MISC", url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", }, { name: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", refsource: "MISC", url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", }, { name: "https://security.netapp.com/advisory/ntap-20220915-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220915-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-4209", datePublished: "2022-08-24T15:07:31", dateReserved: "2022-01-24T00:00:00", dateUpdated: "2024-08-03T17:16:04.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30115
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 06:40
Severity ?
EPSS score ?
Summary
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1557449", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "[oss-security] 20221026 [SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/26/4", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/12/21/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.83.1", }, ], }, ], descriptions: [ { lang: "en", value: "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-325", description: "Missing Required Cryptographic Step (CWE-325)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-21T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1557449", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "[oss-security] 20221026 [SECURITY ADVISORY] CVE-2022-42916: HSTS bypass via IDN (curl)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/26/4", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/12/21/1", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-30115", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-05-02T00:00:00", dateUpdated: "2024-08-03T06:40:47.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-34169
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Version: Xalan-J < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T08:16:17.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Xalan-J", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.7.2", status: "affected", version: "Xalan-J", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Reported by Felix Wilhelm, Google Project Zero", }, ], descriptions: [ { lang: "en", value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", }, ], problemTypes: [ { descriptions: [ { description: "integer truncation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:47.103Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { name: "DSA-5188", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { name: "DSA-5256", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { url: "https://security.gentoo.org/glsa/202401-25", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-34169", datePublished: "2022-07-19T00:00:00.000Z", dateReserved: "2022-06-21T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:44.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32206
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.021Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1570651", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/02/15/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.84.0", }, ], }, ], descriptions: [ { lang: "en", value: "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "Allocation of Resources Without Limits or Throttling (CWE-770)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-15T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1570651", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { name: "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/02/15/3", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-32206", datePublished: "2022-07-07T00:00:00", dateReserved: "2022-06-01T00:00:00", dateUpdated: "2024-08-03T07:32:56.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35496
Vulnerability from cvelistv5
Published
2021-01-04 14:24
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911444 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "binutils", vendor: "n/a", versions: [ { status: "affected", version: "binutils 2.34", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:58", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35496", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "binutils", version: { version_data: [ { version_value: "binutils 2.34", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", }, { name: "FEDORA-2020-28c78a6ac3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { name: "https://security.netapp.com/advisory/ntap-20210212-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35496", datePublished: "2021-01-04T14:24:21", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.151Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35507
Vulnerability from cvelistv5
Published
2021-01-04 14:24
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.104Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "binutils", vendor: "n/a", versions: [ { status: "affected", version: "binutils 2.34", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:32", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35507", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "binutils", version: { version_data: [ { version_value: "binutils 2.34", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", }, { name: "https://security.netapp.com/advisory/ntap-20210212-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35507", datePublished: "2021-01-04T14:24:56", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8286
Vulnerability from cvelistv5
Published
2020-12-14 19:39
Modified
2024-11-15 15:30
Severity ?
EPSS score ?
Summary
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.41.0 to and including 7.73.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1048457", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2020-8286.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/50", }, { name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/54", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212327", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-8286", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T15:29:39.778689Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T15:30:03.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "7.41.0 to and including 7.73.0", }, ], }, ], descriptions: [ { lang: "en", value: "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "Improper Certificate Validation (CWE-295)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:30", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1048457", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2020-8286.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/50", }, { name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/54", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212327", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8286", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "7.41.0 to and including 7.73.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Certificate Validation (CWE-295)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1048457", refsource: "MISC", url: "https://hackerone.com/reports/1048457", }, { name: "https://curl.se/docs/CVE-2020-8286.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2020-8286.html", }, { name: "FEDORA-2020-ceaf490686", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { name: "20210427 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Apr/50", }, { name: "20210427 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Apr/54", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210122-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { name: "https://support.apple.com/kb/HT212325", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212325", }, { name: "https://support.apple.com/kb/HT212326", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212326", }, { name: "https://support.apple.com/kb/HT212327", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212327", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8286", datePublished: "2020-12-14T19:39:28", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-11-15T15:30:03.757Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35252
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.85.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:29:17.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1613943", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0005/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213603", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213604", }, { name: "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Jan/20", }, { name: "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Jan/21", }, { name: "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in curl 7.85.0", }, ], }, ], descriptions: [ { lang: "en", value: "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "Improper Input Validation (CWE-20)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-28T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1613943", }, { url: "https://security.netapp.com/advisory/ntap-20220930-0005/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { url: "https://support.apple.com/kb/HT213603", }, { url: "https://support.apple.com/kb/HT213604", }, { name: "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Jan/20", }, { name: "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Jan/21", }, { name: "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-35252", datePublished: "2022-09-23T00:00:00", dateReserved: "2022-07-06T00:00:00", dateUpdated: "2024-08-03T09:29:17.455Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19063
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:39.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { name: "USN-4254-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4287-2/", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4284-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { name: "USN-4254-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4287-2/", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4284-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19063", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2019-021c968423", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "openSUSE-SU-2019:2675", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/10", }, { name: "USN-4254-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4287-2/", }, { name: "USN-4284-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4284-1/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", }, { name: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19063", datePublished: "2019-11-18T05:24:05", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:39.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0201
Vulnerability from cvelistv5
Published
2019-05-23 13:42
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache ZooKeeper |
Version: 1.0.0 to 3.4.13 Version: 3.5.0-alpha to 3.5.4-beta |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:14.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "108427", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache ZooKeeper", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.0.0 to 3.4.13", }, { status: "affected", version: "3.5.0-alpha to 3.5.4-beta", }, ], }, ], descriptions: [ { lang: "en", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-16T12:06:09", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "108427", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache ZooKeeper", version: { version_data: [ { version_value: "1.0.0 to 3.4.13", }, { version_value: "3.5.0-alpha to 3.5.4-beta", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "108427", refsource: "BID", url: "http://www.securityfocus.com/bid/108427", }, { name: "[debian-lts-announce] 20190524 [SECURITY] [DLA 1801-1] zookeeper security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { name: "[bookkeeper-issues] 20190531 [GitHub] [bookkeeper] eolivelli opened a new issue #2106: Update ZookKeeper dependency to 3.5.5", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[accumulo-commits] 20190605 [accumulo] branch 2.0 updated: Update ZooKeeper (CVE-2019-0201)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a@%3Ccommits.accumulo.apache.org%3E", }, { name: "DSA-4461", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4461", }, { name: "20190612 [SECURITY] [DSA 4461-1] zookeeper security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/13", }, { name: "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", }, { name: "RHSA-2019:3140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { name: "RHSA-2019:4352", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", refsource: "MISC", url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { name: "https://zookeeper.apache.org/security.html#CVE-2019-0201", refsource: "CONFIRM", url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { name: "https://security.netapp.com/advisory/ntap-20190619-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[hadoop-common-issues] 20210816 [GitHub] [hadoop] iwasakims opened a new pull request #3308: HADOOP-17850. Upgrade ZooKeeper to 3.4.14 in branch-3.2.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b@%3Ccommon-issues.hadoop.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0201", datePublished: "2019-05-23T13:42:47", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:14.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20322
Vulnerability from cvelistv5
Published
2022-02-18 17:50
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:37:23.666Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "kernel 5.15-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-330", description: "CWE-330", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:24:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-20322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_value: "kernel 5.15-rc1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-330", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5096", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20322", datePublished: "2022-02-18T17:50:45", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:37:23.666Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-36516
Vulnerability from cvelistv5
Published
2022-02-26 03:14
Modified
2024-08-04 17:30
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
References
| ▼ | URL | Tags |
|---|---|---|
| https://dl.acm.org/doi/10.1145/3372297.3417884 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220331-0003/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:30:08.304Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://dl.acm.org/doi/10.1145/3372297.3417884", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220331-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-31T08:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://dl.acm.org/doi/10.1145/3372297.3417884", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220331-0003/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-36516", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://dl.acm.org/doi/10.1145/3372297.3417884", refsource: "MISC", url: "https://dl.acm.org/doi/10.1145/3372297.3417884", }, { name: "https://security.netapp.com/advisory/ntap-20220331-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220331-0003/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-36516", datePublished: "2022-02-26T03:14:46", dateReserved: "2022-02-26T00:00:00", dateUpdated: "2024-08-04T17:30:08.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-2161
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE:7u291 Version: Java SE:8u281 Version: Java SE:11.0.10 Version: Java SE:16 Version: Java SE Embedded:8u281 Version: Oracle GraalVM Enterprise Edition:19.3.5 Version: Oracle GraalVM Enterprise Edition:20.3.1.2 Version: Oracle GraalVM Enterprise Edition:21.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:32:03.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-2161", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:44:10.262858Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:33:42.318Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE:7u291", }, { status: "affected", version: "Java SE:8u281", }, { status: "affected", version: "Java SE:11.0.10", }, { status: "affected", version: "Java SE:16", }, { status: "affected", version: "Java SE Embedded:8u281", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:19.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-07T04:06:40", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2021-2161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE:7u291", }, { version_affected: "=", version_value: "Java SE:8u281", }, { version_affected: "=", version_value: "Java SE:11.0.10", }, { version_affected: "=", version_value: "Java SE:16", }, { version_affected: "=", version_value: "Java SE Embedded:8u281", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:19.3.5", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "5.9", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { name: "https://security.netapp.com/advisory/ntap-20210513-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { name: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", refsource: "MISC", url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { name: "GLSA-202209-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-05", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2021-2161", datePublished: "2021-04-22T21:53:46", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-09-26T15:33:42.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38202
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:37:16.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-02T08:06:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38202", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { name: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38202", datePublished: "2021-08-08T19:25:59", dateReserved: "2021-08-08T00:00:00", dateUpdated: "2024-08-04T01:37:16.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13272
Vulnerability from cvelistv5
Published
2019-07-17 12:32
Modified
2025-02-04 20:35
Severity ?
EPSS score ?
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:49:24.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-13272", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:35:06.511512Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13272", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:35:33.942Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-23T18:06:10.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4095-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13272", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { name: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { name: "FEDORA-2019-a95015e60f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { name: "DSA-4484", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4484", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/33", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1862-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { name: "[debian-lts-announce] 20190723 [SECURITY] [DLA 1863-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { name: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "https://security.netapp.com/advisory/ntap-20190806-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { name: "RHSA-2019:2405", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { name: "RHSA-2019:2411", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { name: "USN-4093-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4093-1/", }, { name: "USN-4094-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4094-1/", }, { name: "USN-4095-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4095-1/", }, { name: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { name: "https://support.f5.com/csp/article/K91025336", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336", }, { name: "USN-4117-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4117-1/", }, { name: "USN-4118-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4118-1/", }, { name: "RHSA-2019:2809", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { name: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&utm_medium=RSS", }, { name: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { name: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13272", datePublished: "2019-07-17T12:32:55.000Z", dateReserved: "2019-07-04T00:00:00.000Z", dateUpdated: "2025-02-04T20:35:33.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12888
Vulnerability from cvelistv5
Published
2020-05-15 17:02
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:18.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/", }, { name: "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/05/19/6", }, { name: "FEDORA-2020-57bf620276", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/", }, { name: "FEDORA-2020-5436586091", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "openSUSE-SU-2020:1153", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4525-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-31T17:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/", }, { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/", }, { name: "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/05/19/6", }, { name: "FEDORA-2020-57bf620276", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/", }, { name: "FEDORA-2020-5436586091", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "openSUSE-SU-2020:1153", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4525-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12888", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/", refsource: "MISC", url: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/", }, { name: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/", refsource: "MISC", url: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit@gimli.home/", }, { name: "[oss-security] 20200519 CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/05/19/6", }, { name: "FEDORA-2020-57bf620276", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/", }, { name: "FEDORA-2020-5436586091", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "openSUSE-SU-2020:0935", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { name: "openSUSE-SU-2020:1153", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { name: "USN-4526-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4525-1/", }, { name: "[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { name: "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { name: "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12888", datePublished: "2020-05-15T17:02:20", dateReserved: "2020-05-15T00:00:00", dateUpdated: "2024-08-04T12:11:18.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18805
Vulnerability from cvelistv5
Published
2019-11-07 13:08
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html | vendor-advisory, x_refsource_SUSE | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2020:0740 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:39.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-11T11:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18805", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { name: "openSUSE-SU-2019:2503", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { name: "openSUSE-SU-2019:2507", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "RHSA-2020:0740", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0740", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18805", datePublished: "2019-11-07T13:08:05", dateReserved: "2019-11-07T00:00:00", dateUpdated: "2024-08-05T02:02:39.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3772
Vulnerability from cvelistv5
Published
2022-03-02 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:09:08.707Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000694", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2021-3772", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { tags: [ "x_transferred", ], url: "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221007-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in linux kernel v5.15 and above", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-354", description: "CWE-354 - Improper Validation of Integrity Check Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000694", }, { url: "https://ubuntu.com/security/CVE-2021-3772", }, { url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { url: "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20221007-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3772", datePublished: "2022-03-02T00:00:00", dateReserved: "2021-09-06T00:00:00", dateUpdated: "2024-08-03T17:09:08.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38199
Vulnerability from cvelistv5
Published
2021-08-08 19:27
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2021/dsa-4978 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:37:16.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-17T00:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { name: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { name: "DSA-4978", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4978", }, { name: "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { name: "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38199", datePublished: "2021-08-08T19:27:50", dateReserved: "2021-08-08T00:00:00", dateUpdated: "2024-08-04T01:37:16.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:27.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "107174", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4376-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K18549143", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)", }, ], }, ], credits: [ { lang: "en", value: "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt", }, ], datePublic: "2019-02-26T00:00:00", descriptions: [ { lang: "en", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Padding Oracle", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-20T14:42:01", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "107174", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4376-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K18549143", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "0-byte record padding oracle", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2019-02-26", ID: "CVE-2019-1559", STATE: "PUBLIC", TITLE: "0-byte record padding oracle", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Padding Oracle", }, ], }, ], }, references: { reference_data: [ { name: "107174", refsource: "BID", url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4376-2/", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20190301-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { name: "https://security.netapp.com/advisory/ntap-20190301-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { name: "https://www.openssl.org/news/secadv/20190226.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20190226.txt", }, { name: "https://support.f5.com/csp/article/K18549143", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K18549143", }, { name: "https://www.tenable.com/security/tns-2019-02", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-02", }, { name: "https://security.netapp.com/advisory/ntap-20190423-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { name: "https://www.tenable.com/security/tns-2019-03", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-03", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { name: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2019-1559", datePublished: "2019-02-27T23:00:00Z", dateReserved: "2018-11-28T00:00:00", dateUpdated: "2024-09-17T04:20:35.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-5715
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Microprocessors with Speculative Execution |
Version: All |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:11:48.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", }, { name: "USN-3560-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3560-1/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "DSA-4187", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3542-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3542-2/", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201810-06", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "USN-3540-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3540-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", }, { name: "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", }, { name: "USN-3597-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3597-1/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { name: "SUSE-SU-2018:0012", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", }, { name: "SUSE-SU-2018:0011", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", }, { name: "DSA-4213", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4213", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-002", }, { name: "DSA-4120", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4120", }, { name: "openSUSE-SU-2018:0013", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html", }, { name: "USN-3580-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3580-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K91229003", }, { name: "USN-3531-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3531-3/", }, { name: "USN-3620-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3620-2/", }, { name: "openSUSE-SU-2018:0022", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", }, { name: "USN-3582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3582-1/", }, { name: "DSA-4188", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "RHSA-2018:0292", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:0292", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://xenbits.xen.org/xsa/advisory-254.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180104-0001/", }, { name: "SUSE-SU-2018:0019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/support/security/Synology_SA_18_01", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", }, { name: "102376", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102376", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "USN-3594-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3594-1/", }, { name: "VU#584653", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/584653", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-003", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "SUSE-SU-2018:0009", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html", }, { name: "USN-3690-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3690-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", }, { name: "USN-3549-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3549-1/", }, { name: "SUSE-SU-2018:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX231399", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://spectreattack.com/", }, { name: "USN-3531-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3531-1/", }, { name: "FreeBSD-SA-18:03", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", }, { name: "SUSE-SU-2018:0006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html", }, { name: "USN-3581-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3581-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", }, { name: "1040071", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040071", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", }, { name: "USN-3597-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3597-2/", }, { name: "USN-3581-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3581-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", }, { name: "SUSE-SU-2018:0010", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", }, { name: "USN-3516-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/usn/usn-3516-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", }, { name: "43427", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43427/", }, { name: "SUSE-SU-2018:0020", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html", }, { name: "USN-3541-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3541-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/us/en/solutions/LEN-18282", }, { name: "USN-3777-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3777-3/", }, { name: "openSUSE-SU-2018:0023", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", }, { name: "SUSE-SU-2018:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", }, { name: "USN-3561-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3561-1/", }, { name: "USN-3582-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3582-2/", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { name: "FreeBSD-SA-19:26", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", }, { name: "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Nov/16", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2017-5715", }, { name: "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html", }, { name: "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microprocessors with Speculative Execution", vendor: "Intel Corporation", versions: [ { status: "affected", version: "All", }, ], }, ], datePublic: "2018-01-03T00:00:00", descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-16T08:06:27", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", }, { name: "USN-3560-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3560-1/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "DSA-4187", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3542-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3542-2/", }, { name: "GLSA-201810-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201810-06", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "USN-3540-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3540-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", }, { name: "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", }, { name: "USN-3597-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3597-1/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { name: "SUSE-SU-2018:0012", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", }, { name: "SUSE-SU-2018:0011", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", }, { tags: [ "x_refsource_MISC", ], url: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", }, { name: "DSA-4213", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4213", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-002", }, { name: "DSA-4120", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4120", }, { name: "openSUSE-SU-2018:0013", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html", }, { name: "USN-3580-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3580-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K91229003", }, { name: "USN-3531-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3531-3/", }, { name: "USN-3620-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3620-2/", }, { name: "openSUSE-SU-2018:0022", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", }, { name: "USN-3582-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3582-1/", }, { name: "DSA-4188", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "RHSA-2018:0292", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:0292", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://xenbits.xen.org/xsa/advisory-254.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180104-0001/", }, { name: "SUSE-SU-2018:0019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/support/security/Synology_SA_18_01", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", }, { name: "102376", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102376", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "USN-3594-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3594-1/", }, { name: "VU#584653", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/584653", }, { name: "VU#180049", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-003", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "SUSE-SU-2018:0009", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html", }, { name: "USN-3690-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3690-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", }, { name: "USN-3549-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3549-1/", }, { name: "SUSE-SU-2018:0007", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX231399", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", ], url: "https://spectreattack.com/", }, { name: "USN-3531-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3531-1/", }, { name: "FreeBSD-SA-18:03", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", }, { name: "SUSE-SU-2018:0006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html", }, { name: "USN-3581-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3581-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", }, { name: "1040071", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040071", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", }, { name: "USN-3597-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3597-2/", }, { name: "USN-3581-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3581-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", }, { name: "SUSE-SU-2018:0010", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", }, { name: "USN-3516-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/usn/usn-3516-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", }, { name: "43427", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43427/", }, { name: "SUSE-SU-2018:0020", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html", }, { name: "USN-3541-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3541-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/us/en/solutions/LEN-18282", }, { name: "USN-3777-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3777-3/", }, { name: "openSUSE-SU-2018:0023", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", }, { name: "SUSE-SU-2018:0008", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", }, { name: "USN-3561-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3561-1/", }, { name: "USN-3582-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3582-2/", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { name: "FreeBSD-SA-19:26", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", }, { name: "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Nov/16", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.paloaltonetworks.com/CVE-2017-5715", }, { name: "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html", }, { name: "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", DATE_PUBLIC: "2018-01-03T00:00:00", ID: "CVE-2017-5715", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microprocessors with Speculative Execution", version: { version_data: [ { version_value: "All", }, ], }, }, ], }, vendor_name: "Intel Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", }, { name: "USN-3560-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3560-1/", }, { name: "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { name: "DSA-4187", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4187", }, { name: "USN-3542-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3542-2/", }, { name: "GLSA-201810-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201810-06", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { name: "USN-3540-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3540-2/", }, { name: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", refsource: "CONFIRM", url: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", }, { name: "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", }, { name: "USN-3597-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3597-1/", }, { name: "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { name: "SUSE-SU-2018:0012", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", }, { name: "SUSE-SU-2018:0011", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", }, { name: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", refsource: "MISC", url: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", }, { name: "DSA-4213", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4213", }, { name: "https://cert.vde.com/en-us/advisories/vde-2018-002", refsource: "CONFIRM", url: "https://cert.vde.com/en-us/advisories/vde-2018-002", }, { name: "DSA-4120", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4120", }, { name: "openSUSE-SU-2018:0013", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html", }, { name: "USN-3580-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3580-1/", }, { name: "https://support.f5.com/csp/article/K91229003", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K91229003", }, { name: "USN-3531-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3531-3/", }, { name: "USN-3620-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3620-2/", }, { name: "openSUSE-SU-2018:0022", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", }, { name: "USN-3582-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3582-1/", }, { name: "DSA-4188", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4188", }, { name: "RHSA-2018:0292", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:0292", }, { name: "http://xenbits.xen.org/xsa/advisory-254.html", refsource: "CONFIRM", url: "http://xenbits.xen.org/xsa/advisory-254.html", }, { name: "https://security.netapp.com/advisory/ntap-20180104-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180104-0001/", }, { name: "SUSE-SU-2018:0019", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html", }, { name: "https://www.synology.com/support/security/Synology_SA_18_01", refsource: "CONFIRM", url: "https://www.synology.com/support/security/Synology_SA_18_01", }, { name: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", }, { name: "102376", refsource: "BID", url: "http://www.securityfocus.com/bid/102376", }, { name: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", refsource: "CONFIRM", url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { name: "USN-3594-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3594-1/", }, { name: "VU#584653", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/584653", }, { name: "VU#180049", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/180049", }, { name: "https://cert.vde.com/en-us/advisories/vde-2018-003", refsource: "CONFIRM", url: "https://cert.vde.com/en-us/advisories/vde-2018-003", }, { name: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "SUSE-SU-2018:0009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html", }, { name: "USN-3690-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3690-1/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", }, { name: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", refsource: "CONFIRM", url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", }, { name: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", refsource: "CONFIRM", url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", }, { name: "USN-3549-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3549-1/", }, { name: "SUSE-SU-2018:0007", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html", }, { name: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", refsource: "CONFIRM", url: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", }, { name: "https://support.citrix.com/article/CTX231399", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX231399", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://spectreattack.com/", refsource: "MISC", url: "https://spectreattack.com/", }, { name: "USN-3531-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3531-1/", }, { name: "FreeBSD-SA-18:03", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc", }, { name: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", refsource: "CONFIRM", url: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", }, { name: "SUSE-SU-2018:0006", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html", }, { name: "USN-3581-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3581-1/", }, { name: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", refsource: "CONFIRM", url: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", }, { name: "1040071", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040071", }, { name: "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { name: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", refsource: "CONFIRM", url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", }, { name: "USN-3597-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3597-2/", }, { name: "USN-3581-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3581-2/", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", }, { name: "SUSE-SU-2018:0010", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", }, { name: "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { name: "20180104 CPU Side-Channel Information Disclosure Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", }, { name: "USN-3516-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/usn/usn-3516-1/", }, { name: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", refsource: "CONFIRM", url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", }, { name: "43427", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43427/", }, { name: "SUSE-SU-2018:0020", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html", }, { name: "USN-3541-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3541-2/", }, { name: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", refsource: "MISC", url: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", }, { name: "https://support.lenovo.com/us/en/solutions/LEN-18282", refsource: "CONFIRM", url: "https://support.lenovo.com/us/en/solutions/LEN-18282", }, { name: "USN-3777-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3777-3/", }, { name: "openSUSE-SU-2018:0023", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", }, { name: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", refsource: "CONFIRM", url: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", }, { name: "SUSE-SU-2018:0008", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html", }, { name: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", refsource: "CONFIRM", url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", }, { name: "USN-3561-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3561-1/", }, { name: "USN-3582-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3582-2/", }, { name: "20190624 [SECURITY] [DSA 4469-1] libvirt security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/36", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { name: "FreeBSD-SA-19:26", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", }, { name: "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Nov/16", }, { name: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", }, { name: "https://security.paloaltonetworks.com/CVE-2017-5715", refsource: "CONFIRM", url: "https://security.paloaltonetworks.com/CVE-2017-5715", }, { name: "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html", }, { name: "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2017-5715", datePublished: "2018-01-04T13:00:00Z", dateReserved: "2017-02-01T00:00:00", dateUpdated: "2024-09-17T03:28:57.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27780
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-07 19:09
Severity ?
EPSS score ?
Summary
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1553841", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "curl", vendor: "haxx", versions: [ { lessThan: "7.86.0", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "solidfire_\\&_hci_storage_node", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:ontap_9:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ontap_9", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "solidfire_\\&_hci_management_node", vendor: "netapp", versions: [ { status: "affected", version: "h300s", }, { status: "affected", version: "h410s", }, { status: "affected", version: "h500s", }, { status: "affected", version: "h700s", }, ], }, { cpes: [ "cpe:2.3:o:netapp:hci_bootstrap_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "hci_bootstrap_os", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "solidfire_\\&_hci_management_node", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-27780", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T20:10:43.314256Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-07T19:09:34.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.83.1", }, ], }, ], descriptions: [ { lang: "en", value: "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-177", description: "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1553841", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27780", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-07T19:09:34.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12464
Vulnerability from cvelistv5
Published
2020-04-29 17:59
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:56:52.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://patchwork.kernel.org/patch/11463781/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lkml.org/lkml/2020/3/23/52", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4388-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4388-1/", }, { name: "USN-4389-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4389-1/", }, { name: "USN-4387-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4387-1/", }, { name: "USN-4390-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4390-1/", }, { name: "USN-4391-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4391-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-22T21:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://patchwork.kernel.org/patch/11463781/", }, { tags: [ "x_refsource_MISC", ], url: "https://lkml.org/lkml/2020/3/23/52", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4388-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4388-1/", }, { name: "USN-4389-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4389-1/", }, { name: "USN-4387-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4387-1/", }, { name: "USN-4390-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4390-1/", }, { name: "USN-4391-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4391-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12464", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://patchwork.kernel.org/patch/11463781/", refsource: "MISC", url: "https://patchwork.kernel.org/patch/11463781/", }, { name: "https://lkml.org/lkml/2020/3/23/52", refsource: "MISC", url: "https://lkml.org/lkml/2020/3/23/52", }, { name: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "DSA-4698", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4698", }, { name: "DSA-4699", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4699", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4388-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4388-1/", }, { name: "USN-4389-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4389-1/", }, { name: "USN-4387-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4387-1/", }, { name: "USN-4390-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4390-1/", }, { name: "USN-4391-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4391-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12464", datePublished: "2020-04-29T17:59:51", dateReserved: "2020-04-29T00:00:00", dateUpdated: "2024-08-04T11:56:52.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43680
Vulnerability from cvelistv5
Published
2022-10-24 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:40:06.144Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/650", }, { tags: [ "x_transferred", ], url: "https://github.com/libexpat/libexpat/issues/649", }, { tags: [ "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/616", }, { name: "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", }, { name: "DSA-5266", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5266", }, { name: "GLSA-202210-38", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-38", }, { name: "FEDORA-2022-ae2559a8f4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", }, { name: "FEDORA-2022-3cf0e7ebc7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", }, { name: "FEDORA-2022-f3a939e960", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", }, { name: "FEDORA-2022-5f1e2e9016", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", }, { name: "FEDORA-2022-49db80f821", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", }, { name: "FEDORA-2022-c43235716e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221118-0007/", }, { name: "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/28/5", }, { name: "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/03/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-03T12:06:22.913559", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/libexpat/libexpat/pull/650", }, { url: "https://github.com/libexpat/libexpat/issues/649", }, { url: "https://github.com/libexpat/libexpat/pull/616", }, { name: "[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", }, { name: "DSA-5266", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5266", }, { name: "GLSA-202210-38", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-38", }, { name: "FEDORA-2022-ae2559a8f4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", }, { name: "FEDORA-2022-3cf0e7ebc7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", }, { name: "FEDORA-2022-f3a939e960", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", }, { name: "FEDORA-2022-5f1e2e9016", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", }, { name: "FEDORA-2022-49db80f821", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", }, { name: "FEDORA-2022-c43235716e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", }, { url: "https://security.netapp.com/advisory/ntap-20221118-0007/", }, { name: "[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/28/5", }, { name: "[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: \"Use after free\" fixed in libexpat", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/01/03/5", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-43680", datePublished: "2022-10-24T00:00:00", dateReserved: "2022-10-24T00:00:00", dateUpdated: "2024-08-03T13:40:06.144Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32207
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2025-04-23 18:04
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1573634", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-32207", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-23T13:31:36.720075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-23T18:04:31.119Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.84.0", }, ], }, ], descriptions: [ { lang: "en", value: "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-840", description: "Business Logic Errors (CWE-840)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00.000Z", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1573634", }, { name: "FEDORA-2022-1b3d7f6973", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { url: "https://support.apple.com/kb/HT213488", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-32207", datePublished: "2022-07-07T00:00:00.000Z", dateReserved: "2022-06-01T00:00:00.000Z", dateUpdated: "2025-04-23T18:04:31.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8285
Vulnerability from cvelistv5
Published
2020-12-14 19:39
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: libcurl 7.21.0 to and including 7.73.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.307Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1045844", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/curl/curl/issues/6255", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2020-8285.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212327", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "libcurl 7.21.0 to and including 7.73.0", }, ], }, ], descriptions: [ { lang: "en", value: "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "Uncontrolled Recursion (CWE-674)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:28", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1045844", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/curl/curl/issues/6255", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2020-8285.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212327", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8285", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "libcurl 7.21.0 to and including 7.73.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Uncontrolled Recursion (CWE-674)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1045844", refsource: "MISC", url: "https://hackerone.com/reports/1045844", }, { name: "https://github.com/curl/curl/issues/6255", refsource: "MISC", url: "https://github.com/curl/curl/issues/6255", }, { name: "https://curl.se/docs/CVE-2020-8285.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2020-8285.html", }, { name: "FEDORA-2020-ceaf490686", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210122-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { name: "https://support.apple.com/kb/HT212325", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212325", }, { name: "https://support.apple.com/kb/HT212326", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212326", }, { name: "https://support.apple.com/kb/HT212327", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212327", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8285", datePublished: "2020-12-14T19:39:04", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.307Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22901
Vulnerability from cvelistv5
Published
2021-06-11 15:49
Modified
2024-08-03 18:58
Severity ?
EPSS score ?
Summary
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://hackerone.com/reports/1180380 | x_refsource_MISC | |
| https://curl.se/docs/CVE-2021-22901.html | x_refsource_MISC | |
| https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 | x_refsource_MISC | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210723-0001/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210727-0007/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.75.0 through 7.76.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:58:25.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1180380", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2021-22901.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "7.75.0 through 7.76.1", }, ], }, ], descriptions: [ { lang: "en", value: "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "Use After Free (CWE-416)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-10T11:06:06", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1180380", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2021-22901.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2021-22901", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "7.75.0 through 7.76.1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Use After Free (CWE-416)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1180380", refsource: "MISC", url: "https://hackerone.com/reports/1180380", }, { name: "https://curl.se/docs/CVE-2021-22901.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2021-22901.html", }, { name: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", refsource: "MISC", url: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210723-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20210727-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2021-22901", datePublished: "2021-06-11T15:49:38", dateReserved: "2021-01-06T00:00:00", dateUpdated: "2024-08-03T18:58:25.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25221
Vulnerability from cvelistv5
Published
2020-09-10 13:39
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2020/09/08/4 | x_refsource_MISC | |
| https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2 | x_refsource_MISC | |
| https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/09/10/4 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20201001-0003/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:33:04.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2020/09/08/4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", }, { name: "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/09/10/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201001-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-01T13:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2020/09/08/4", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", }, { name: "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/09/10/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20201001-0003/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25221", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openwall.com/lists/oss-security/2020/09/08/4", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2020/09/08/4", }, { name: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", refsource: "MISC", url: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", }, { name: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", refsource: "MISC", url: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", }, { name: "[oss-security] 20200910 Re: CVE Request: Linux kernel vsyscall page refcounting error", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/09/10/4", }, { name: "https://security.netapp.com/advisory/ntap-20201001-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20201001-0003/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25221", datePublished: "2020-09-10T13:39:59", dateReserved: "2020-09-10T00:00:00", dateUpdated: "2024-08-04T15:33:04.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1678
Vulnerability from cvelistv5
Published
2022-05-25 14:49
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.openanolis.cn/show_bug.cgi?id=61 | x_refsource_CONFIRM | |
| https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/ | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a | x_refsource_MISC | |
| https://gitee.com/anolis/cloud-kernel/commit/bed537da691b | x_refsource_MISC | |
| https://anas.openanolis.cn/cves/detail/CVE-2022-1678 | x_refsource_MISC | |
| https://anas.openanolis.cn/errata/detail/ANSA-2022:0143 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220715-0001/ | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:10:03.820Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220715-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { lessThan: "unspecified", status: "affected", version: "4.18", versionType: "custom", }, { lessThanOrEqual: "4.19", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-911", description: "CWE-911 Improper Update of Reference Count", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-15T15:06:58", orgId: "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", shortName: "Anolis", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", }, { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", }, { tags: [ "x_refsource_MISC", ], url: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", }, { tags: [ "x_refsource_MISC", ], url: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", }, { tags: [ "x_refsource_MISC", ], url: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220715-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@openanolis.org", ID: "CVE-2022-1678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_affected: ">=", version_value: "4.18", }, { version_affected: "<=", version_value: "4.19", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-911 Improper Update of Reference Count", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", refsource: "CONFIRM", url: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", }, { name: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/", refsource: "MISC", url: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/", }, { name: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", }, { name: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", refsource: "MISC", url: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", }, { name: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", refsource: "MISC", url: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", }, { name: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", refsource: "MISC", url: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", }, { name: "https://security.netapp.com/advisory/ntap-20220715-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220715-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", assignerShortName: "Anolis", cveId: "CVE-2022-1678", datePublished: "2022-05-25T14:49:30", dateReserved: "2022-05-12T00:00:00", dateUpdated: "2024-08-03T00:10:03.820Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11884
Vulnerability from cvelistv5
Published
2020-04-29 12:07
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:42:00.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", }, { name: "DSA-4667", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4667", }, { name: "USN-4343-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4343-1/", }, { name: "FEDORA-2020-64d46a6e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/", }, { name: "FEDORA-2020-16f9239805", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/", }, { name: "FEDORA-2020-b453269c4e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/", }, { name: "USN-4345-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4345-1/", }, { name: "USN-4342-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4342-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-04T22:00:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", }, { name: "DSA-4667", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4667", }, { name: "USN-4343-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4343-1/", }, { name: "FEDORA-2020-64d46a6e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/", }, { name: "FEDORA-2020-16f9239805", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/", }, { name: "FEDORA-2020-b453269c4e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/", }, { name: "USN-4345-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4345-1/", }, { name: "USN-4342-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4342-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11884", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", }, { name: "DSA-4667", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4667", }, { name: "USN-4343-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4343-1/", }, { name: "FEDORA-2020-64d46a6e29", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/", }, { name: "FEDORA-2020-16f9239805", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/", }, { name: "FEDORA-2020-b453269c4e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/", }, { name: "USN-4345-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4345-1/", }, { name: "USN-4342-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4342-1/", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11884", datePublished: "2020-04-29T12:07:37", dateReserved: "2020-04-17T00:00:00", dateUpdated: "2024-08-04T11:42:00.533Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36946
Vulnerability from cvelistv5
Published
2022-07-27 00:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.314Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://marc.info/?l=netfilter-devel&m=165883202007292&w=2", }, { name: "DSA-5207", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5207", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0007/", }, { name: "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html", }, { name: "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-25T00:40:11.457258", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://marc.info/?l=netfilter-devel&m=165883202007292&w=2", }, { name: "DSA-5207", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5207", }, { url: "https://security.netapp.com/advisory/ntap-20220901-0007/", }, { name: "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html", }, { name: "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html", }, { url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36946", datePublished: "2022-07-27T00:00:00", dateReserved: "2022-07-27T00:00:00", dateUpdated: "2024-08-03T10:21:32.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3753
Vulnerability from cvelistv5
Published
2022-02-16 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:09:08.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999589", }, { tags: [ "x_transferred", ], url: "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/09/01/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221028-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "Linux kernel 5.15-rc1", }, ], }, ], descriptions: [ { lang: "en", value: "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-28T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999589", }, { url: "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7", }, { url: "https://www.openwall.com/lists/oss-security/2021/09/01/4", }, { url: "https://security.netapp.com/advisory/ntap-20221028-0003/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3753", datePublished: "2022-02-16T00:00:00", dateReserved: "2021-08-31T00:00:00", dateUpdated: "2024-08-03T17:09:08.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21549
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-08-03 02:46
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:17.0.3.1 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:46:38.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { name: "FEDORA-2022-34584d4257", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-64431bccec", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:17.0.3.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-17T15:06:19.501295", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { name: "FEDORA-2022-34584d4257", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-64431bccec", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21549", datePublished: "2022-07-19T00:00:00", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-08-03T02:46:38.909Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19052
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4228-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4228-1/", }, { name: "USN-4227-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4227-1/", }, { name: "USN-4226-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4225-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4225-1/", }, { name: "USN-4228-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4228-2/", }, { name: "USN-4227-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4227-2/", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4225-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4225-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4228-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4228-1/", }, { name: "USN-4227-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4227-1/", }, { name: "USN-4226-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4225-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4225-1/", }, { name: "USN-4228-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4228-2/", }, { name: "USN-4227-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4227-2/", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4225-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4225-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2019:2675", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "USN-4228-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4228-1/", }, { name: "USN-4227-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4227-1/", }, { name: "USN-4226-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4226-1/", }, { name: "USN-4225-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4225-1/", }, { name: "USN-4228-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4228-2/", }, { name: "USN-4227-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4227-2/", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4225-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4225-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { name: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19052", datePublished: "2019-11-18T05:23:50", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29569
Vulnerability from cvelistv5
Published
2020-12-15 17:00
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
References
| ▼ | URL | Tags |
|---|---|---|
| https://xenbits.xenproject.org/xsa/advisory-350.html | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4843 | vendor-advisory, x_refsource_DEBIAN | |
| https://security.netapp.com/advisory/ntap-20210205-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202107-30 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.494Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://xenbits.xenproject.org/xsa/advisory-350.html", }, { name: "DSA-4843", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4843", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0001/", }, { name: "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { name: "GLSA-202107-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-30", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-12T04:06:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://xenbits.xenproject.org/xsa/advisory-350.html", }, { name: "DSA-4843", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4843", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0001/", }, { name: "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { name: "GLSA-202107-30", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-30", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29569", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://xenbits.xenproject.org/xsa/advisory-350.html", refsource: "MISC", url: "https://xenbits.xenproject.org/xsa/advisory-350.html", }, { name: "DSA-4843", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4843", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0001/", }, { name: "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", }, { name: "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { name: "GLSA-202107-30", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-30", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29569", datePublished: "2020-12-15T17:00:36", dateReserved: "2020-12-04T00:00:00", dateUpdated: "2024-08-04T16:55:10.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28041
Vulnerability from cvelistv5
Published
2021-03-05 19:07
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openssh.com/security.html | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2021/03/03/1 | x_refsource_MISC | |
| https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db | x_refsource_MISC | |
| https://www.openssh.com/txt/release-8.5 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210416-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openssh.com/security.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/03/03/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openssh.com/txt/release-8.5", }, { name: "FEDORA-2021-f68a5a75ba", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-35", }, { name: "FEDORA-2021-1d3698089d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210416-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:56:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.openssh.com/security.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2021/03/03/1", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openssh.com/txt/release-8.5", }, { name: "FEDORA-2021-f68a5a75ba", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-35", }, { name: "FEDORA-2021-1d3698089d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210416-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28041", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.openssh.com/security.html", refsource: "MISC", url: "https://www.openssh.com/security.html", }, { name: "https://www.openwall.com/lists/oss-security/2021/03/03/1", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2021/03/03/1", }, { name: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", refsource: "MISC", url: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", }, { name: "https://www.openssh.com/txt/release-8.5", refsource: "MISC", url: "https://www.openssh.com/txt/release-8.5", }, { name: "FEDORA-2021-f68a5a75ba", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/", }, { name: "GLSA-202105-35", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-35", }, { name: "FEDORA-2021-1d3698089d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210416-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210416-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28041", datePublished: "2021-03-05T19:07:34", dateReserved: "2021-03-05T00:00:00", dateUpdated: "2024-08-03T21:33:17.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11815
Vulnerability from cvelistv5
Published
2019-05-08 13:36
Modified
2024-08-04 23:03
Severity ?
EPSS score ?
Summary
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:03:32.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", }, { name: "108283", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108283", }, { name: "openSUSE-SU-2019:1404", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", }, { name: "openSUSE-SU-2019:1407", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K32019083", }, { name: "openSUSE-SU-2019:1479", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", }, { name: "USN-4008-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4008-1/", }, { name: "USN-4005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4005-1/", }, { name: "USN-4008-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4008-3/", }, { name: "DSA-4465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4465", }, { name: "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", }, { name: "20190618 [SECURITY] [DSA 4465-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jun/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "USN-4068-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4068-1/", }, { name: "USN-4068-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4068-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4118-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-02T23:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", }, { name: "108283", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108283", }, { name: "openSUSE-SU-2019:1404", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", }, { name: "openSUSE-SU-2019:1407", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K32019083", }, { name: "openSUSE-SU-2019:1479", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", }, { name: "USN-4008-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4008-1/", }, { name: "USN-4005-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4005-1/", }, { name: "USN-4008-3", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4008-3/", }, { name: "DSA-4465", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4465", }, { name: "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", }, { name: "20190618 [SECURITY] [DSA 4465-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jun/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "USN-4068-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4068-1/", }, { name: "USN-4068-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4068-2/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", }, { name: "USN-4118-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4118-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-11815", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", }, { name: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", }, { name: "108283", refsource: "BID", url: "http://www.securityfocus.com/bid/108283", }, { name: "openSUSE-SU-2019:1404", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", }, { name: "openSUSE-SU-2019:1407", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, { name: "https://support.f5.com/csp/article/K32019083", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K32019083", }, { name: "openSUSE-SU-2019:1479", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", }, { name: "USN-4008-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4008-1/", }, { name: "USN-4005-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4005-1/", }, { name: "USN-4008-3", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4008-3/", }, { name: "DSA-4465", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4465", }, { name: "[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", }, { name: "20190618 [SECURITY] [DSA 4465-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jun/26", }, { name: "https://security.netapp.com/advisory/ntap-20190719-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "USN-4068-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4068-1/", }, { name: "USN-4068-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4068-2/", }, { name: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", }, { name: "USN-4118-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4118-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-11815", datePublished: "2019-05-08T13:36:39", dateReserved: "2019-05-08T00:00:00", dateUpdated: "2024-08-04T23:03:32.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19054
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4527-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4526-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4525-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:39.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2020:0336", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4527-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4527-1/", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4525-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-25T22:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2020:0336", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4527-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4527-1/", }, { name: "USN-4526-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4525-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", }, { name: "FEDORA-2019-021c968423", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2020:0336", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { name: "USN-4527-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4527-1/", }, { name: "USN-4526-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4526-1/", }, { name: "USN-4525-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4525-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19054", datePublished: "2019-11-18T05:23:53", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:39.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19053
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4300-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4301-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.802Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4300-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4300-1/", }, { name: "USN-4301-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4301-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-02T23:06:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4300-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4300-1/", }, { name: "USN-4301-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4301-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19053", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "USN-4300-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4300-1/", }, { name: "USN-4301-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4301-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19053", datePublished: "2019-11-18T05:23:51", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-2163
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:33
Severity ?
EPSS score ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Java SE:7u291 Version: Java SE:8u281 Version: Java SE:11.0.10 Version: Java SE:16 Version: Java SE Embedded:8u281 Version: Oracle GraalVM Enterprise Edition:19.3.5 Version: Oracle GraalVM Enterprise Edition:20.3.1.2 Version: Oracle GraalVM Enterprise Edition:21.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:32:03.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-2163", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:44:06.976321Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:33:21.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Java SE:7u291", }, { status: "affected", version: "Java SE:8u281", }, { status: "affected", version: "Java SE:11.0.10", }, { status: "affected", version: "Java SE:16", }, { status: "affected", version: "Java SE Embedded:8u281", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:19.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-07T04:07:16", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { name: "GLSA-202209-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-05", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2021-2163", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Java SE JDK and JRE", version: { version_data: [ { version_affected: "=", version_value: "Java SE:7u291", }, { version_affected: "=", version_value: "Java SE:8u281", }, { version_affected: "=", version_value: "Java SE:11.0.10", }, { version_affected: "=", version_value: "Java SE:16", }, { version_affected: "=", version_value: "Java SE Embedded:8u281", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:19.3.5", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:20.3.1.2", }, { version_affected: "=", version_value: "Oracle GraalVM Enterprise Edition:21.0.0.2", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).", }, ], }, impact: { cvss: { baseScore: "5.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { name: "[debian-lts-announce] 20210423 [SECURITY] [DLA 2634-1] openjdk-8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { name: "DSA-4899", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4899", }, { name: "FEDORA-2021-6eb9bbbf0c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { name: "FEDORA-2021-65aa196c14", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { name: "FEDORA-2021-25b47f16af", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { name: "FEDORA-2021-8b80ef64f1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { name: "FEDORA-2021-f71b592e07", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { name: "FEDORA-2021-b88e86b753", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { name: "https://security.netapp.com/advisory/ntap-20210513-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { name: "GLSA-202209-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-05", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2021-2163", datePublished: "2021-04-22T21:53:46", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-09-26T15:33:21.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-10690
Vulnerability from cvelistv5
Published
2020-05-08 13:48
Modified
2024-08-04 11:06
Severity ?
EPSS score ?
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4419-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:06:11.142Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4419-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "Red Hat", versions: [ { status: "affected", version: "all kernel versions before 5.5", }, ], }, ], descriptions: [ { lang: "en", value: "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T06:06:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4419-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4419-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-10690", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_value: "all kernel versions before 5.5", }, ], }, }, ], }, vendor_name: "Red Hat", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.", }, ], }, impact: { cvss: [ [ { vectorString: "6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4419-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4419-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-10690", datePublished: "2020-05-08T13:48:30", dateReserved: "2020-03-20T00:00:00", dateUpdated: "2024-08-04T11:06:11.142Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26116
Vulnerability from cvelistv5
Published
2020-09-27 00:00
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:49:07.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://python-security.readthedocs.io/vuln/http-header-injection-method.html", }, { tags: [ "x_transferred", ], url: "https://bugs.python.org/issue39603", }, { name: "FEDORA-2020-221823ebdd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/", }, { name: "FEDORA-2020-887d3fa26f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/", }, { name: "FEDORA-2020-d30881c970", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/", }, { name: "USN-4581-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4581-1/", }, { name: "FEDORA-2020-e33acdea18", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/", }, { name: "openSUSE-SU-2020:1859", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html", }, { name: "FEDORA-2020-d42cb01973", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/", }, { name: "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html", }, { name: "GLSA-202101-18", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-18", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20201023-0001/", }, { name: "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-24T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://python-security.readthedocs.io/vuln/http-header-injection-method.html", }, { url: "https://bugs.python.org/issue39603", }, { name: "FEDORA-2020-221823ebdd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/", }, { name: "FEDORA-2020-887d3fa26f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/", }, { name: "FEDORA-2020-d30881c970", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/", }, { name: "USN-4581-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4581-1/", }, { name: "FEDORA-2020-e33acdea18", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/", }, { name: "openSUSE-SU-2020:1859", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html", }, { name: "FEDORA-2020-d42cb01973", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/", }, { name: "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html", }, { name: "GLSA-202101-18", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202101-18", }, { url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { url: "https://security.netapp.com/advisory/ntap-20201023-0001/", }, { name: "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-26116", datePublished: "2020-09-27T00:00:00", dateReserved: "2020-09-27T00:00:00", dateUpdated: "2024-08-04T15:49:07.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5188
Vulnerability from cvelistv5
Published
2020-01-08 15:45
Modified
2024-08-04 19:47
Severity ?
EPSS score ?
Summary
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4249-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/ | vendor-advisory, x_refsource_FEDORA | |
| http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html | mailing-list, x_refsource_MLIST | |
| https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20220506-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:47:56.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-a724cc7926", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", }, { name: "USN-4249-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4249-1/", }, { name: "FEDORA-2020-01ed02451f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", }, { name: "openSUSE-SU-2020:0166", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", }, { name: "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", }, { name: "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220506-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "E2fsprogs", vendor: "n/a", versions: [ { status: "affected", version: "1.43.3 - 1.45.4", }, ], }, ], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-06T13:06:14", orgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", shortName: "talos", }, references: [ { name: "FEDORA-2020-a724cc7926", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", }, { name: "USN-4249-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4249-1/", }, { name: "FEDORA-2020-01ed02451f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", }, { name: "openSUSE-SU-2020:0166", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", }, { name: "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", }, { name: "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220506-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "talos-cna@cisco.com", ID: "CVE-2019-5188", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "E2fsprogs", version: { version_data: [ { version_value: "1.43.3 - 1.45.4", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", }, ], }, impact: { cvss: { baseScore: 7.5, baseSeverity: "High", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787: Out-of-bounds Write", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-a724cc7926", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", }, { name: "USN-4249-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4249-1/", }, { name: "FEDORA-2020-01ed02451f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", }, { name: "openSUSE-SU-2020:0166", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", }, { name: "[debian-lts-announce] 20200324 [SECURITY] [DLA 2156-1] e2fsprogs security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", }, { name: "[debian-lts-announce] 20200726 [SECURITY] [DLA 2290-1] e2fsprogs security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", }, { name: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", refsource: "CONFIRM", url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", }, { name: "https://security.netapp.com/advisory/ntap-20220506-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220506-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", assignerShortName: "talos", cveId: "CVE-2019-5188", datePublished: "2020-01-08T15:45:09", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:47:56.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13632
Vulnerability from cvelistv5
Published
2020-05-27 14:42
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4394-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200608-0002/ | x_refsource_CONFIRM | |
| https://sqlite.org/src/info/a4dd148928ea65bd | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202007-26 | vendor-advisory, x_refsource_GENTOO | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc | vendor-advisory, x_refsource_FREEBSD | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:25:16.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sqlite.org/src/info/a4dd148928ea65bd", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-08T14:07:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2020-0477f8840e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4394-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://sqlite.org/src/info/a4dd148928ea65bd", }, { name: "GLSA-202007-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", tags: [ "vendor-advisory", "x_refsource_FREEBSD", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13632", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-0477f8840e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { name: "USN-4394-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4394-1/", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", refsource: "MISC", url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { name: "https://sqlite.org/src/info/a4dd148928ea65bd", refsource: "MISC", url: "https://sqlite.org/src/info/a4dd148928ea65bd", }, { name: "GLSA-202007-26", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-26", }, { name: "FreeBSD-SA-20:22", refsource: "FREEBSD", url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { name: "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13632", datePublished: "2020-05-27T14:42:17", dateReserved: "2020-05-27T00:00:00", dateUpdated: "2024-08-04T12:25:16.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27775
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: curl 7.65.0 to 7.82.0 are vulnerable |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1546268", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "curl 7.65.0 to 7.82.0 are vulnerable", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "Information Disclosure (CWE-200)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1546268", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27775", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-03T05:32:59.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38203
Vulnerability from cvelistv5
Published
2021-08-08 19:25
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:37:16.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-02T08:06:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38203", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { name: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38203", datePublished: "2021-08-08T19:25:31", dateReserved: "2021-08-08T00:00:00", dateUpdated: "2024-08-04T01:37:16.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0492
Vulnerability from cvelistv5
Published
2022-03-03 00:00
Modified
2024-08-02 23:32
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:32:45.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051505", }, { tags: [ "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5095", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5095", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220419-0002/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "kernel 5.17 rc3", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-07T15:06:18.421771", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051505", }, { url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5095", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5095", }, { name: "DSA-5096", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { url: "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html", }, { url: "https://security.netapp.com/advisory/ntap-20220419-0002/", }, { url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { url: "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0492", datePublished: "2022-03-03T00:00:00", dateReserved: "2022-02-04T00:00:00", dateUpdated: "2024-08-02T23:32:45.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8284
Vulnerability from cvelistv5
Published
2020-12-14 19:38
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: 7.73.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.316Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1040166", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://curl.se/docs/CVE-2020-8284.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212327", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "7.73.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "Information Disclosure (CWE-200)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:26", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1040166", }, { tags: [ "x_refsource_MISC", ], url: "https://curl.se/docs/CVE-2020-8284.html", }, { name: "FEDORA-2020-ceaf490686", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212326", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212327", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2020-8284", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "https://github.com/curl/curl", version: { version_data: [ { version_value: "7.73.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure (CWE-200)", }, ], }, ], }, references: { reference_data: [ { name: "https://hackerone.com/reports/1040166", refsource: "MISC", url: "https://hackerone.com/reports/1040166", }, { name: "https://curl.se/docs/CVE-2020-8284.html", refsource: "MISC", url: "https://curl.se/docs/CVE-2020-8284.html", }, { name: "FEDORA-2020-ceaf490686", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { name: "[debian-lts-announce] 20201219 [SECURITY] [DLA 2500-1] curl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { name: "FEDORA-2020-7ab62c73bc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { name: "GLSA-202012-14", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202012-14", }, { name: "DSA-4881", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4881", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210122-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { name: "https://support.apple.com/kb/HT212325", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212325", }, { name: "https://support.apple.com/kb/HT212326", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212326", }, { name: "https://support.apple.com/kb/HT212327", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212327", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2020-8284", datePublished: "2020-12-14T19:38:26", dateReserved: "2020-01-28T00:00:00", dateUpdated: "2024-08-04T09:56:28.316Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15778
Vulnerability from cvelistv5
Published
2020-07-24 00:00
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssh", vendor: "openbsd", versions: [ { lessThanOrEqual: "8.3p1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-15778", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T14:59:02.714297Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:18.895Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T13:22:30.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssh.com/security.html", }, { tags: [ "x_transferred", ], url: "https://github.com/cpandya2909/CVE-2020-15778/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200731-0007/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=25005567", }, { name: "GLSA-202212-06", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-06", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:3166", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T16:53:15.270364", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/security.html", }, { url: "https://github.com/cpandya2909/CVE-2020-15778/", }, { url: "https://security.netapp.com/advisory/ntap-20200731-0007/", }, { url: "https://news.ycombinator.com/item?id=25005567", }, { name: "GLSA-202212-06", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-06", }, { url: "https://access.redhat.com/errata/RHSA-2024:3166", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15778", datePublished: "2020-07-24T00:00:00", dateReserved: "2020-07-15T00:00:00", dateUpdated: "2024-08-04T13:22:30.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27776
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-11-20 15:23
Severity ?
EPSS score ?
Summary
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: fixed in curl 7.83.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.926Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1547048", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "FEDORA-2022-f83aec6d57", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", }, { name: "FEDORA-2022-bca2c95559", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-27776", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-20T15:23:04.795275Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T15:23:17.772Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "fixed in curl 7.83.0", }, ], }, ], descriptions: [ { lang: "en", value: "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-522", description: "Insufficiently Protected Credentials (CWE-522)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1547048", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "FEDORA-2022-f83aec6d57", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", }, { name: "FEDORA-2022-bca2c95559", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27776", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-11-20T15:23:17.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19069
Vulnerability from cvelistv5
Published
2019-11-18 05:24
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | x_refsource_MISC | |
| https://usn.ubuntu.com/4208-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20191205-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:38.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-05T04:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4208-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { name: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { name: "USN-4208-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4208-1/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19069", datePublished: "2019-11-18T05:24:14", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:38.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-12769
Vulnerability from cvelistv5
Published
2020-05-09 20:16
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lkml.org/lkml/2020/2/3/559 | x_refsource_CONFIRM | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d | x_refsource_CONFIRM | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20200608-0001/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4391-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:04:22.954Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lkml.org/lkml/2020/2/3/559", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4391-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4391-1/", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-07T05:06:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://lkml.org/lkml/2020/2/3/559", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4391-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4391-1/", }, { name: "openSUSE-SU-2020:0935", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-12769", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://lkml.org/lkml/2020/2/3/559", refsource: "CONFIRM", url: "https://lkml.org/lkml/2020/2/3/559", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", refsource: "CONFIRM", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", refsource: "CONFIRM", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", }, { name: "https://security.netapp.com/advisory/ntap-20200608-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { name: "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { name: "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { name: "openSUSE-SU-2020:0801", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { name: "USN-4391-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4391-1/", }, { name: "openSUSE-SU-2020:0935", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-12769", datePublished: "2020-05-09T20:16:45", dateReserved: "2020-05-09T00:00:00", dateUpdated: "2024-08-04T12:04:22.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19057
Vulnerability from cvelistv5
Published
2019-11-18 05:23
Modified
2024-08-05 02:09
Severity ?
EPSS score ?
Summary
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:09:39.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4254-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4287-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4284-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-02T20:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", }, { name: "FEDORA-2019-021c968423", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4254-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4287-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { name: "USN-4284-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4284-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19057", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", }, { name: "FEDORA-2019-021c968423", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { name: "FEDORA-2019-34a75d7e61", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { name: "https://security.netapp.com/advisory/ntap-20191205-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { name: "openSUSE-SU-2019:2675", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { name: "20200109 [slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/10", }, { name: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { name: "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { name: "USN-4254-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4254-1/", }, { name: "USN-4254-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4254-2/", }, { name: "USN-4285-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4285-1/", }, { name: "USN-4287-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4287-1/", }, { name: "USN-4287-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4287-2/", }, { name: "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { name: "USN-4284-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4284-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19057", datePublished: "2019-11-18T05:23:57", dateReserved: "2019-11-18T00:00:00", dateUpdated: "2024-08-05T02:09:39.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21496
Vulnerability from cvelistv5
Published
2022-04-19 20:38
Modified
2024-09-24 20:05
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:46:38.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-21496", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-24T13:53:50.783083Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-24T20:05:36.664Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:7u331", }, { status: "affected", version: "Oracle Java SE:8u321", }, { status: "affected", version: "Oracle Java SE:11.0.14", }, { status: "affected", version: "Oracle Java SE:17.0.2", }, { status: "affected", version: "Oracle Java SE:18", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.5", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.0.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:40.368882", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { name: "DSA-5128", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { name: "DSA-5131", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21496", datePublished: "2022-04-19T20:38:50", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-09-24T20:05:36.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38201
Vulnerability from cvelistv5
Published
2021-08-08 19:26
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:37:16.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-02T08:06:44", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38201", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { name: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", }, { name: "https://security.netapp.com/advisory/ntap-20210902-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38201", datePublished: "2021-08-08T19:26:54", dateReserved: "2021-08-08T00:00:00", dateUpdated: "2024-08-04T01:37:16.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20836
Vulnerability from cvelistv5
Published
2019-05-07 13:04
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:12:27.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K11225249", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4497", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-14T13:06:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K11225249", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4497", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20836", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", refsource: "BID", url: "http://www.securityfocus.com/bid/108196", }, { name: "https://support.f5.com/csp/article/K11225249", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K11225249", }, { name: "https://security.netapp.com/advisory/ntap-20190719-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4497", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20836", datePublished: "2019-05-07T13:04:44", dateReserved: "2019-05-07T00:00:00", dateUpdated: "2024-08-05T12:12:27.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28796
Vulnerability from cvelistv5
Published
2022-04-08 04:11
Modified
2024-08-03 06:03
Severity ?
EPSS score ?
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220506-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.967Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220506-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-06T13:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220506-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-28796", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", }, { name: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", }, { name: "https://security.netapp.com/advisory/ntap-20220506-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220506-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-28796", datePublished: "2022-04-08T04:11:51", dateReserved: "2022-04-08T00:00:00", dateUpdated: "2024-08-03T06:03:52.967Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21541
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-09-23 19:22
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:46:38.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5188", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-21541", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T20:42:01.658119Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-23T19:22:48.866Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Java SE JDK and JRE", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "Oracle Java SE:7u343", }, { status: "affected", version: "Oracle Java SE:8u333", }, { status: "affected", version: "Oracle Java SE:11.0.15.1", }, { status: "affected", version: "Oracle Java SE:17.0.3.1", }, { status: "affected", version: "Oracle Java SE:18.0.1.1", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:20.3.6", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:21.3.2", }, { status: "affected", version: "Oracle GraalVM Enterprise Edition:22.1.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-17T15:06:44.119587", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "DSA-5188", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { name: "DSA-5192", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { name: "FEDORA-2022-19b6f21746", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { name: "FEDORA-2022-ae563934f7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { name: "FEDORA-2022-e573851f56", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { name: "FEDORA-2022-d26586b419", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { name: "FEDORA-2022-80afe2304a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { name: "FEDORA-2022-b76ab52e73", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { name: "GLSA-202401-25", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-25", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2022-21541", datePublished: "2022-07-19T00:00:00", dateReserved: "2021-11-15T00:00:00", dateUpdated: "2024-09-23T19:22:48.866Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37434
Vulnerability from cvelistv5
Published
2022-08-05 00:00
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.032Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/ivd38/zlib_overflow", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", }, { tags: [ "x_transferred", ], url: "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", }, { name: "[oss-security] 20220805 zlib buffer overflow", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/08/05/2", }, { tags: [ "x_transferred", ], url: "https://github.com/curl/curl/issues/9271", }, { name: "[oss-security] 20220808 Re: zlib buffer overflow", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/08/09/1", }, { name: "FEDORA-2022-25e4dbedf9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { name: "DSA-5218", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5218", }, { name: "FEDORA-2022-15da0cf165", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220901-0005/", }, { name: "FEDORA-2022-b8232d1cca", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", }, { name: "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", }, { name: "FEDORA-2022-3c28ae0cd8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", }, { name: "FEDORA-2022-0b517a5397", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213489", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213488", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213494", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213493", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213491", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213490", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/38", }, { name: "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/37", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230427-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "unknown", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-27T14:06:53.533Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/ivd38/zlib_overflow", }, { url: "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", }, { url: "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", }, { url: "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", }, { name: "[oss-security] 20220805 zlib buffer overflow", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/08/05/2", }, { url: "https://github.com/curl/curl/issues/9271", }, { name: "[oss-security] 20220808 Re: zlib buffer overflow", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/08/09/1", }, { name: "FEDORA-2022-25e4dbedf9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { name: "DSA-5218", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5218", }, { name: "FEDORA-2022-15da0cf165", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, { url: "https://security.netapp.com/advisory/ntap-20220901-0005/", }, { name: "FEDORA-2022-b8232d1cca", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", }, { name: "[debian-lts-announce] 20220912 [SECURITY] [DLA 3103-1] zlib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", }, { name: "FEDORA-2022-3c28ae0cd8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", }, { name: "FEDORA-2022-0b517a5397", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", }, { url: "https://support.apple.com/kb/HT213489", }, { url: "https://support.apple.com/kb/HT213488", }, { url: "https://support.apple.com/kb/HT213494", }, { url: "https://support.apple.com/kb/HT213493", }, { url: "https://support.apple.com/kb/HT213491", }, { url: "https://support.apple.com/kb/HT213490", }, { name: "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { name: "20221030 APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/38", }, { name: "20221030 APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/37", }, { name: "20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { url: "https://security.netapp.com/advisory/ntap-20230427-0007/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37434", datePublished: "2022-08-05T00:00:00.000Z", dateReserved: "2022-08-05T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:54.046Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27781
Vulnerability from cvelistv5
Published
2022-06-01 00:00
Modified
2024-08-03 05:33
Severity ?
EPSS score ?
Summary
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Version: Fixed in 7.83.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:33:00.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://hackerone.com/reports/1555441", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "DSA-5197", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "https://github.com/curl/curl", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in 7.83.1", }, ], }, ], descriptions: [ { lang: "en", value: "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "Denial of Service (CWE-400)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { url: "https://hackerone.com/reports/1555441", }, { url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { name: "DSA-5197", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { name: "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { name: "GLSA-202212-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, ], }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2022-27781", datePublished: "2022-06-01T00:00:00", dateReserved: "2022-03-23T00:00:00", dateUpdated: "2024-08-03T05:33:00.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35493
Vulnerability from cvelistv5
Published
2021-01-04 14:22
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1911437 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210212-0007/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:08.087Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "binutils", vendor: "n/a", versions: [ { status: "affected", version: "binutils 2.34", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20->CWE-122->CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:45", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", }, { name: "FEDORA-2020-28c78a6ac3", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2020-35493", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "binutils", version: { version_data: [ { version_value: "binutils 2.34", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20->CWE-122->CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", }, { name: "FEDORA-2020-28c78a6ac3", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { name: "https://security.netapp.com/advisory/ntap-20210212-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-35493", datePublished: "2021-01-04T14:22:55", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-04T17:02:08.087Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.2 | |
| oracle | graalvm | 22.1.0 | |
| oracle | jdk | 17.0.3.1 | |
| oracle | jre | 17.0.3.1 | |
| azul | zulu | 17.34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 11.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*", matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 y 22.1.0. La vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualización, inserción o eliminación de algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, ], id: "CVE-2022-21549", lastModified: "2024-11-21T06:44:56.113", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2022-07-19T22:15:12.147", references: [ { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/", }, { source: "secalert_us@oracle.com", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-25 19:15
Modified
2024-11-21 06:37
Severity ?
Summary
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.15 | |
| linux | linux_kernel | 5.15 | |
| linux | linux_kernel | 5.15 | |
| linux | linux_kernel | 5.15 | |
| netapp | active_iq_unified_manager | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| oracle | communications_cloud_native_core_binding_support_function | 22.1.3 | |
| oracle | communications_cloud_native_core_network_exposure_function | 22.1.1 | |
| oracle | communications_cloud_native_core_policy | 22.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "037A6DFB-B41D-4CC7-86C1-A201809B79C4", versionEndExcluding: "5.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", matchCriteriaId: "40D9C0D1-0F32-4A2B-9840-1072F5497540", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", matchCriteriaId: "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", matchCriteriaId: "60134C3A-06E4-48C1-B04F-2903732A4E56", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", matchCriteriaId: "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9955F62A-75D3-4347-9AD3-5947FC365838", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.", }, { lang: "es", value: "Se ha encontrado un fallo de lectura de uso de memoria previamente liberada en la función sock_getsockopt() en el archivo net/core/sock.c debido a la carrera de SO_PEERCRED y SO_PEERGROUPS con listen() (y connect()) en el kernel de Linux. En este fallo, un atacante con privilegios de usuario puede bloquear el sistema o filtrar información interna del kernel", }, ], id: "CVE-2021-4203", lastModified: "2024-11-21T06:37:08.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-25T19:15:09.833", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036934", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814", }, { source: "secalert@redhat.com", url: "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0003/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221111-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-15 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DF8D3C1A-7029-4267-B1EA-3D12CAC1EA55", versionEndIncluding: "5.6.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.", }, { lang: "es", value: "El controlador VFIO PCI en el kernel de Linux versiones hasta 5.6.13, maneja inapropiadamente los intentos para acceder al espacio de memoria deshabilitado.", }, ], id: "CVE-2020-12888", lastModified: "2024-11-21T05:00:29.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-15T18:15:13.650", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/05/19/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/", }, { source: "cve@mitre.org", url: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/", }, { source: "cve@mitre.org", url: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4525-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/05/19/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBEHRQQZTKJTPQFPY3JAO7MQ4JAFEQNW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXGMJHWTMQI34NJZ4BHL3ZVF264AWBF2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/kvm/158871401328.15589.17598154478222071285.stgit%40gimli.home/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit%40gimli.home/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4525-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4225-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4225-1/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "5DE0A98B-691B-452B-8586-6A95E92C4C98", versionEndExcluding: "5.3.11", versionStartIncluding: "5.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762.", }, { lang: "es", value: "Dos pérdidas de memoria en la función v3d_submit_cl_ioctl() en el archivo drivers/gpu/drm/v3d/v3d_gem.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función kcalloc() o v3d_job_init(), también se conoce como CID-29cd13cfd762.", }, ], id: "CVE-2019-19044", lastModified: "2024-11-21T04:34:03.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.280", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-17 02:15
Modified
2024-11-21 05:57
Severity ?
Summary
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| netapp | cloud_backup | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_h410c_firmware | - | |
| netapp | hci_h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "02DED9BD-F021-49CC-B2D3-C92E5DBEF3AF", versionEndIncluding: "5.10.16", versionStartIncluding: "3.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "4AFE5CAF-ACA7-4F82-BEC1-69562D75E66E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones 3.2 hasta 5.10.16, tal como es usado Xen. Las operaciones de mapeo de concesiones a menudo ocurren hiperllamadas por lotes, donde se realizan varias operaciones en una sola hiperllamada, el éxito o el fallo de cada una es reportada al controlador del backend, y el controlador del backend luego recorre los resultados, llevando a cabo acciones de seguimiento en función del éxito o fallo de cada operación. Desafortunadamente, cuando se ejecuta en modo PV, los controladores del backend de Linux manejan inapropiadamente esto: algunos errores son ignorados, lo que implica efectivamente su éxito por el éxito de los elementos de lote relacionados. En otros casos, los errores que resultan de un elemento del lote conllevan a que no se inspeccionen más elementos del lote y, por lo tanto, no es posible desasignar apropiadamente los correctos tras la recuperación del error. Solo los sistemas con backends de Linux que se ejecutan en modo PV son vulnerables. Los backends de Linux que se ejecutan en modos HVM / PVH no son vulnerables. Esto afecta a los archivos arch/*/xen/p2m.c y drivers/xen/gntdev.c", }, ], id: "CVE-2021-26932", lastModified: "2024-11-21T05:57:04.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 1.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-17T02:15:13.033", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-361.html", }, { source: "cve@mitre.org", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210326-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-361.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210326-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911437 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911437 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF09EA1-994B-4950-B853-1FB4F936A162", versionEndExcluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.", }, { lang: "es", value: "Se presenta un fallo en el archivo bfd/pef.c de binutils. Un atacante que pueda enviar un archivo PEF diseñado para que sea analizado por objdump podría causar un desbordamiento del búfer de pila -) lectura fuera de límites que podría tener un impacto en la disponibilidad de la aplicación. Este fallo afecta a binutils versiones anteriores a la 2.34.", }, ], id: "CVE-2020-35493", lastModified: "2024-11-21T05:27:24.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T15:15:12.777", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-18 18:15
Modified
2024-11-21 05:46
Severity ?
Summary
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4FD6377A-504B-4498-B927-044687AD07F8", versionEndIncluding: "5.14.21", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "73F81EC3-4AB0-4CD7-B845-267C5974DE98", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "836065F6-BB90-435B-95A7-1A2EE1299D92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller:8300:*:*:*:*:*:*:*", matchCriteriaId: "073800FE-1C89-41B2-B6E9-A82459EF62BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "836065F6-BB90-435B-95A7-1A2EE1299D92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_baseboard_management_controller:8700:*:*:*:*:*:*:*", matchCriteriaId: "70F880F0-C9DC-448F-902D-C2AFDDED40BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F4D90857-AB13-47AF-B42A-7ADB190DB189", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_baseboard_management_controller:a400:*:*:*:*:*:*:*", matchCriteriaId: "2D144BC7-D837-4145-9DF8-BA5E08C8FD33", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9955F62A-75D3-4347-9AD3-5947FC365838", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.", }, { lang: "es", value: "Se encontró un fallo en el procesamiento de los errores ICMP recibidos (fragmento ICMP necesario y redireccionamiento ICMP) en la funcionalidad del kernel de Linux que permite la capacidad de escanear rápidamente los puertos UDP abiertos. Este fallo permite a un usuario remoto fuera de la ruta de acceso omitir efectivamente la aleatorización del puerto de origen UDP. La mayor amenaza de esta vulnerabilidad es la confidencialidad y posiblemente la integridad, porque el software que depende de la aleatorización del puerto de origen UDP también está afectado indirectamente", }, ], id: "CVE-2021-20322", lastModified: "2024-11-21T05:46:22.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-18T18:15:09.013", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2014230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6&id=a00df2caffed3883c341d5685f830434312e4a43", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220303-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 07:02
Severity ?
Summary
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "847EB547-3EB5-4A0C-83DF-D9EFE7FA8B89", versionEndExcluding: "7.83.1", versionStartIncluding: "7.82.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.", }, { lang: "es", value: "usando su soporte HSTS, curl puede ser instruido para usar HTTPS directamente en lugar de usar un paso no seguro de texto sin cifrar HTTP incluso cuando HTTP es proporcionado en la URL. Este mecanismo podría ser omitido si el nombre de host en la URL dada usara un endpoint mientras no es usado uno cuando es construida la caché HSTS. O al revés, si el endpoint estuviera en la caché HSTS y *no* es usado el punto al final en la URL", }, ], id: "CVE-2022-30115", lastModified: "2024-11-21T07:02:11.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:51.507", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/10/26/4", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/12/21/1", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1557449", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/10/26/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/12/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1557449", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-325", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-09 07:15
Modified
2024-11-21 07:28
Severity ?
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | python | * | |
| python | python | * | |
| python | python | * | |
| python | python | * | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| python | python | 3.11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | e-series_performance_analyzer | - | |
| netapp | element_software | - | |
| netapp | hci | - | |
| netapp | management_services_for_element_software | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "20A23D09-CFA7-4028-A5E9-7AD784C2B9D8", versionEndIncluding: "3.7.15", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "9E43ADF1-EABE-45A4-96BE-F1E018ADAEE3", versionEndIncluding: "3.8.15", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB09E1E-A9D2-494E-9481-1BBA00D3CFEC", versionEndIncluding: "3.9.15", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "2415C537-F33F-496E-BD1C-65887C29FA0B", versionEndIncluding: "3.10.8", versionStartIncluding: "3.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:-:*:*:*:*:*:*", matchCriteriaId: "E533460B-E5D6-4C30-A36B-15E2DDF4121C", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "514A577E-5E60-40BA-ABD0-A8C5EB28BD90", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "83B71795-9C81-4E5F-967C-C11808F24B05", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "AEBFDCE7-81D4-4741-BB88-12C704515F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", matchCriteriaId: "156EB4C2-EFB7-4CEB-804D-93DB62992A63", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", matchCriteriaId: "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", matchCriteriaId: "554015CB-0325-438B-8C11-0F85F54ABC50", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", matchCriteriaId: "8037C129-0030-455E-A359-98E14D1498D4", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", matchCriteriaId: "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", matchCriteriaId: "6657ED60-908B-48E6-B95B-572E57CFBB69", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", matchCriteriaId: "1EF628A1-82F5-403C-B527-388C13507CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", matchCriteriaId: "3055A198-13F8-42C0-8FD7-316AA8984A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.11.0:rc2:*:*:*:*:*:*", matchCriteriaId: "03591292-46A3-4F6C-9DC6-4C7BFC4C8743", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", matchCriteriaId: "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", }, { lang: "es", value: "Se descubrió un problema en Python antes de la versión 3.11.1. Existe un algoritmo cuadrático innecesario en una ruta cuando se procesan algunas entradas al decodificador IDNA (RFC 3490), de modo que un nombre elaborado e irrazonablemente largo que se presente al decodificador podría provocar una denegación de servicio de la CPU. Los nombres de host suelen ser proporcionados por servidores remotos que podrían estar controlados por un actor malicioso; en tal escenario, podrían desencadenar un consumo excesivo de CPU en el cliente que intenta hacer uso de un supuesto nombre de host proporcionado por el atacante. Por ejemplo, el payload del ataque podría colocarse en el encabezado Ubicación de una respuesta HTTP con el código de estado 302. Está prevista una solución en 3.11.1, 3.10.9, 3.9.16, 3.8.16 y 3.7.16.", }, ], id: "CVE-2022-45061", lastModified: "2024-11-21T07:28:42.067", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-09T07:15:09.887", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/python/cpython/issues/98433", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/python/cpython/issues/98433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202305-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221209-0007/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-407", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:50
Severity ?
Summary
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "220650BF-E1B2-41F9-A9FA-978356E63FB7", versionEndIncluding: "7.76.1", versionStartIncluding: "7.75.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", matchCriteriaId: "10323322-F6C0-4EA7-9344-736F7A80AA5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", matchCriteriaId: "DF616620-88CE-4A77-B904-C1728A2E6F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "175B97A7-0B00-4378-AD9F-C01B6D9FD570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE", versionEndExcluding: "11.1.2.4.047", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "3197F464-F0A5-4BD4-9068-65CD448D8F4C", versionEndExcluding: "21.3", versionStartIncluding: "21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "10630209-CF90-455D-B70F-DB50BAFC5499", versionEndIncluding: "5.7.34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "181677F8-59EE-49BC-91A7-845819742869", versionEndIncluding: "8.0.25", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.", }, { lang: "es", value: "curl versiones 7.75.0 hasta 7.76.1 sufre de una vulnerabilidad de uso de la memoria previamente liberada que resulta en el uso de memoria ya liberada cuando un ticket de sesión TLS 1.3 llega a través de una conexión. Un servidor malicioso puede usar esto en raras circunstancias desafortunadas para alcanzar potencialmente la ejecución de código remota en el cliente. Cuando libcurl en tiempo de ejecución configura el soporte para tickets de sesión TLS 1.3 en una conexión usando OpenSSL, almacena punteros al objeto de transferencia en memoria para su posterior recuperación cuando llega un ticket de sesión. Si la conexión es usada por múltiples transferencias (como en el caso de una conexión HTTP/1.1 reutilizada o una conexión HTTP/2 multiplexada) ese primer objeto de transferencia podría ser liberado antes de que se establezca la nueva sesión en esa conexión y entonces la función accederá a un búfer de memoria que podría ser liberado. Al utilizar esa memoria, libcurl podría incluso llamar a un puntero de función en el objeto, haciendo posible una ejecución de código remota si el servidor pudiera de alguna manera conseguir el contenido de la memoria diseñada en el lugar correcto de la memoria", }, ], id: "CVE-2021-22901", lastModified: "2024-11-21T05:50:52.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-11T16:15:11.120", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", }, { source: "support@hackerone.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22901.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", }, { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1180380", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22901.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1180380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210723-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9", versionEndIncluding: "11.0.15", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539", versionEndIncluding: "13.0.11", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08", versionEndIncluding: "15.0.7", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053", versionEndIncluding: "17.0.3", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*", matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*", matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*", matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*", matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*", matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*", matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*", matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación no autorizada, la eliminación o el acceso a la modificación de datos críticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.9 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, ], id: "CVE-2022-21541", lastModified: "2024-11-21T06:44:55.193", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2022-07-19T22:15:11.783", references: [ { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "secalert_us@oracle.com", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-08 14:29
Modified
2024-11-21 04:21
Severity ?
Summary
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 42.3 | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | snapprotect | - | |
| netapp | solidfire | - | |
| netapp | storage_replication_adapter | 7.2 | |
| netapp | vasa_provider_for_clustered_data_ontap | * | |
| netapp | virtual_storage_console | * | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| netapp | cn1610_firmware | - | |
| netapp | cn1610 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8176C84C-74F4-408B-8DE1-31754AA08894", versionEndExcluding: "4.4.179", versionStartIncluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B80909D0-45BB-44DD-982A-B9A8C4E68285", versionEndExcluding: "4.9.169", versionStartIncluding: "4.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F0623A64-FD3D-4FB3-A3D5-252A1F4716AE", versionEndExcluding: "4.14.112", versionStartIncluding: "4.14", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "36E8D561-D530-432B-9512-ECCD0D08E217", versionEndExcluding: "4.19.35", versionStartIncluding: "4.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B8C3EB64-4B85-4C0E-B9BD-5342B604A466", versionEndExcluding: "5.0.8", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "2258D313-BAF7-482D-98E0-79F2A448287B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*", matchCriteriaId: "1578A37C-C7CC-4B36-8668-6A1AED63B0A8", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*", matchCriteriaId: "49BD6839-AB64-48DA-9D1D-18B4508AF652", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*", matchCriteriaId: "A1E5129A-F85C-432A-988D-6C3ED03EC04D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter:7.2:*:*:*:*:vsphere:*:*", matchCriteriaId: "3627515C-C752-4D43-B593-BF4DC512BF0F", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "13270F58-E106-48CE-9933-E68AABBBFC21", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*", matchCriteriaId: "066C2961-E9C4-418E-82AF-1A7C35D5C085", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.", }, { lang: "es", value: "Se descubrió un problema en rds_tcp_kill_sock en net/rds/tcp.c en el núcleo de Linux anterior a la versión 5.0.8. Existe una condición de carrera que conduce a un uso después de liberación de memoria, relacionado con la limpieza del espacio de nombres de red.", }, ], id: "CVE-2019-11815", lastModified: "2024-11-21T04:21:49.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-08T14:29:00.280", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108283", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/26", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K32019083", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4005-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4008-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4008-3/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4068-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4068-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb66ddd156203daefb8d71158036b27b0e2caf63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K32019083", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4005-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4008-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4008-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4068-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4068-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4465", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-07 21:15
Modified
2024-11-21 07:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | element_plug-in_for_vcenter_server | - | |
| netapp | management_services_for_element_software_and_netapp_hci | - | |
| netapp | snapcenter | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | hci_compute_node | - | |
| jenkins | jenkins | * | |
| jenkins | jenkins | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "A055068C-4D71-4DDD-AEFF-E39982FD8DC7", versionEndExcluding: "9.4.47", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "DB90B12D-86AF-4A9F-8C44-0213FA056919", versionEndExcluding: "10.0.9", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "FC65CE45-D006-4A65-81EA-B7D0397DCA2B", versionEndExcluding: "11.0.9", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "214712B6-59AF-4B5E-84BF-AF3C74A390EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", matchCriteriaId: "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", matchCriteriaId: "FB750FC4-A7B8-464B-9CF1-02BAC0A5121B", versionEndExcluding: "2.263", vulnerable: true, }, { criteria: "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", matchCriteriaId: "F1570EF2-F7AD-4D7A-B13C-5F729E218E0F", versionEndExcluding: "2.361.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.", }, { lang: "es", value: "En la implementación del servidor Eclipse Jetty HTTP/2, cuando es encontrada una petición HTTP/2 no válida, el manejo de errores presenta un error que puede terminar por no limpiar apropiadamente las conexiones activas y los recursos asociados. Esto puede conllevar a un escenario de denegación de servicio en el que no queden recursos suficientes para procesar las peticiones buenas", }, ], id: "CVE-2022-2048", lastModified: "2024-11-21T07:00:13.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-07T21:15:10.150", references: [ { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/09/2", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/09/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5198", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-410", }, { lang: "en", value: "CWE-664", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 04:31
Severity ?
Summary
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B09C415-21F2-49C9-BFAE-2151C8ED4D06", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "DAD1B18F-9C37-48CC-92E2-9C5E66B206CB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F196C09E-4C45-42D5-B509-7EB77F6566F1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*", matchCriteriaId: "12BD4008-DB6A-4749-A426-D2DE44819A9D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "13D72F66-A1B2-4FB7-B31B-EF16955BC871", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*", matchCriteriaId: "3E79B422-C844-411C-AA49-CFD73D3C6E2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CB658DF3-A68F-4248-B240-9194E17941E1", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*", matchCriteriaId: "53AAEC5C-06EE-4C58-A981-EBF5860CEF16", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E621D-84DB-4F0D-A771-5E282B0292B2", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*", matchCriteriaId: "0751225A-6E9C-4281-93A4-A048920FF7C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "059624DD-C1C8-408C-8026-D4FBC93C3CF9", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*", matchCriteriaId: "8C1E56ED-1E61-4B7E-8EC0-BB2AAD57EF7B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "06AF9201-89AB-42E6-97CF-9EDDC17EF7AE", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*", matchCriteriaId: "41ADD701-AD49-46B2-A12E-219CCED32298", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2656219C-7E23-47F7-AFB7-0D6D3D2ACA85", versionEndExcluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*", matchCriteriaId: "1E0E33F2-E89B-4008-BED2-CF2296801078", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", matchCriteriaId: "83C9B16A-F21D-475D-9B00-9B6E64FAB0F8", versionEndExcluding: "3.46", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.", }, { lang: "es", value: "En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptográficas presentaban una falta de comprobación de longitud. En los casos en que la aplicación que llama a la biblioteca no llevó a cabo una comprobación de saneo en las entradas, lo que podría resultar en un bloqueo debido a un desbordamiento del búfer", }, ], id: "CVE-2019-17006", lastModified: "2024-11-21T04:31:31.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-22T21:15:12.560", references: [ { source: "security@mozilla.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "security@mozilla.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { source: "security@mozilla.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, ], sourceIdentifier: "security@mozilla.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "5C214153-4B3E-4F09-9B58-413136131841", versionEndIncluding: "7.82.0", versionStartIncluding: "4.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", }, { lang: "es", value: "Una vulnerabilidad de credenciales insuficientemente protegidas se presenta en curl versión 4.9 a e incluyen curl versión 7.82.0 están afectados que podría permitir a un atacante para extraer credenciales cuando sigue redireccionamientos HTTP(S) es usado con la autenticación podría filtrar credenciales a otros servicios que se presentan en diferentes protocolos o números de puerto", }, ], id: "CVE-2022-27774", lastModified: "2024-11-21T06:56:09.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:43.317", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1543773", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1543773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | cloud_backup | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9F533643-6482-466F-87F2-9446C8214FF5", versionEndExcluding: "4.9.228", versionStartIncluding: "4.5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "82A795AE-6C0D-4C70-93E8-CB1183C8F147", versionEndExcluding: "4.14.185", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "96593438-C71A-47FD-B19B-F54C6E65BDA5", versionEndExcluding: "4.19.129", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "55E407BF-74C3-42AB-8591-2385D5732960", versionEndExcluding: "5.4.48", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846", versionEndExcluding: "5.7.5", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.", }, { lang: "es", value: "Se detectó un problema en la función __split_huge_pmd en el archivo mm/huge_memory.c en el kernel de Linux versiones anteriores a 5.7.5. La implementación copy-on-write puede otorgar acceso de escritura no previsto debido a una condición de carrera en una comprobación de conteo de mapas THP, también se conoce como CID-c444eb564fb1", }, ], id: "CVE-2020-29368", lastModified: "2024-11-21T05:23:55.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-28T07:15:11.460", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210108-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210108-0002/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-25 09:15
Modified
2025-03-28 15:16
Severity ?
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:ruby:*:*", matchCriteriaId: "57E74758-D6C1-4C5F-B471-D4028BAEF97C", versionEndExcluding: "1.13.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*", matchCriteriaId: "4976954F-9DF9-4CE4-B94D-2D8CA6ACA188", versionEndExcluding: "1.2.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", versionEndExcluding: "10.15.7", versionStartIncluding: "10.15", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", matchCriteriaId: "F12CC8B5-C1EB-419E-8496-B9A3864656AD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", matchCriteriaId: "156A6382-2BD3-4882-90B2-8E7CF6659E17", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*", matchCriteriaId: "20A2FDB2-6712-406A-9896-C0B44508B07D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", matchCriteriaId: "49F537A0-DC42-4176-B22F-C80D179DD99D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "09A6345C-D813-43BA-B12E-789C80653F86", versionEndExcluding: "11.6.6", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "56A8A170-44A7-4334-88B0-CB4413E28E53", versionEndExcluding: "12.4", versionStartIncluding: "12.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0743C1B3-D44D-4940-AAF4-25DEFB46AC74", versionEndExcluding: "3.7.14", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F", versionEndExcluding: "3.8.14", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "D10062BC-7B79-46C6-9FF5-396AE56F4508", versionEndExcluding: "3.9.13", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "90CD96D5-4F6E-4733-A8D1-0771156CA2A2", versionEndExcluding: "3.10.5", versionStartIncluding: "3.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "D5048A61-025A-46D4-AA1D-17C20FD193C0", versionEndExcluding: "10.3.36", versionStartIncluding: "10.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "76F49D8B-E293-475B-A190-E55F2586EB74", versionEndExcluding: "10.4.26", versionStartIncluding: "10.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "144984F5-B5E4-4890-B84C-0BD4EBD1A575", versionEndExcluding: "10.5.17", versionStartIncluding: "10.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "9397E948-E3C7-4AE0-AB59-D8DF6DC0F85A", versionEndExcluding: "10.6.9", versionStartIncluding: "10.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "3E60C79C-A7E6-4AEF-AD29-38BC63149C60", versionEndExcluding: "10.7.5", versionStartIncluding: "10.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "EB9F7573-E888-42B6-8B57-CAF26300CC16", versionEndExcluding: "10.8.4", versionStartIncluding: "10.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", matchCriteriaId: "9FD7E579-DE84-4D5D-A959-AC4C959A7020", versionEndExcluding: "10.9.2", versionStartIncluding: "10.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C5DA53D-744B-4087-AEA9-257F18949E4D", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21A75847-54F1-453A-82D7-B6D2CB2DE7AA", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "50FEE5FA-B141-4E5F-8673-363089262530", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "EAC3EE40-4398-4337-B40E-8AACDF225BBF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E00E02E5-109C-44E7-8C20-BFEE7C739ADC", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "8A79836B-5EC1-40AF-8A57-9657EF6758E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1BC85A6-386C-43E9-9266-50F8C53C7362", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "10C7D54A-27B4-4195-8131-DD5380472A75", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "E54AF1E6-0E52-447C-8946-18716D30EBE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:goto:gotoassist:*:*:*:*:*:*:*:*", matchCriteriaId: "BB7FB2D7-6D53-4D9C-865A-4DFC8BC82218", versionEndExcluding: "11.9.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", }, { lang: "es", value: "zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes", }, ], id: "CVE-2018-25032", lastModified: "2025-03-28T15:16:29.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-25T09:15:08.187", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/issues/605", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/issues/605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-04 13:15
Modified
2024-11-21 05:01
Severity ?
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", matchCriteriaId: "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F", versionEndExcluding: "4.2.8", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", matchCriteriaId: "CB8D7864-41B0-443E-96CF-B011B95223F0", versionEndExcluding: "4.3.100", versionStartIncluding: "4.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EEA51D83-5841-4335-AF07-7A43C118CAAE", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", matchCriteriaId: "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", matchCriteriaId: "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", matchCriteriaId: "E3B99BBD-97FE-4615-905A-A614592226F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", matchCriteriaId: "E7A9AD3A-F030-4331-B52A-518BD963AB8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", matchCriteriaId: "C293B8BE-6691-4944-BCD6-25EB98CABC73", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", matchCriteriaId: "CEA650F8-2576-494A-A861-61572CA319D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", matchCriteriaId: "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "0BC62D4E-D519-458C-BE4E-10DDB73A97D3", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "1C420117-862A-41A9-BAE8-8B3478FAEBC3", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "4A484251-3220-498C-83FE-A04B013A31A4", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "E0CE4157-852B-42ED-A77C-8A17B189432E", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "C76A0B44-13DE-4173-8D05-DA54F6A71759", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", matchCriteriaId: "1450241C-2F6D-4122-B33C-D78D065BA403", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", matchCriteriaId: "721AFD22-91D3-488E-A5E6-DD84C86E412B", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", matchCriteriaId: "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "41E44E9F-6383-4E12-AEDC-B653FEA77A48", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", matchCriteriaId: "466D9A37-2658-4695-9429-0C6BF4A631C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", matchCriteriaId: "99774181-5F12-446C-AC2C-DB1C52295EED", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", matchCriteriaId: "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "99C71C00-7222-483B-AEFB-159337BD3C92", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "75A9AA28-1B20-44BB-815C-7294A53E910E", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "8C213794-111D-41F3-916C-AD97F731D600", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "50811A7B-0379-4437-8737-B4C1ACBC9EFD", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "EE002C76-406D-4F22-B738-E17BDEA70BCC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB5D4C9-DA14-4188-9181-17336F9445F6", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90B7CFBF-761C-4EAA-A322-EF5E294AADED", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC0460E-4695-44FB-99EE-28B2C957B760", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD54A092-85A7-4459-9C69-19E6E24AC24B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "416B805F-799A-4466-AC5A-93D083A2ABBD", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.", }, { lang: "es", value: "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegación de servicio (salida del demonio o cambio de hora del sistema) mediante la predicción de las marcas de tiempo de transmisión para su uso en paquetes falsificados. La víctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la víctima", }, ], id: "CVE-2020-13817", lastModified: "2024-11-21T05:01:55.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-04T13:15:11.053", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.ntp.org/bin/view/Main/NtpBug3596", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ntp.org/show_bug.cgi?id=3596", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-12", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200625-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.ntp.org/bin/view/Main/NtpBug3596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.ntp.org/show_bug.cgi?id=3596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200625-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update291:*:*:*:*:*:*", matchCriteriaId: "CC7644D5-EEA1-4FA8-8F5E-9C476DACF956", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update281:*:*:*:*:*:*", matchCriteriaId: "3484EAC9-2F68-4952-8F0B-D1B83B5956CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*", matchCriteriaId: "5FCE2C42-BFFB-4E1E-9E37-07F334BA3C12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDD043-0138-4F9E-A369-B1AA779CA4C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update281:*:*:*:*:*:*", matchCriteriaId: "6DFA7B46-AA37-4943-81A1-DF8C7F2CB038", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "058C7C4B-D692-49DE-924A-C2725A8162D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F0434A5-F2A1-4973-917C-A95F2ABE97D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "96DD93E0-274E-4C36-99F3-EEF085E57655", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "C5344C25-BD71-4228-903F-E419A4455F5F", versionEndIncluding: "11.0.10", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "4D1453F5-ABB5-48F8-9C1C-69EEEE3949A5", versionEndIncluding: "13.0.6", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "8602555C-1C07-4A4C-8DBB-5D304366A7E7", versionEndIncluding: "15.0.2", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*", matchCriteriaId: "DCFB65CD-98D5-4024-86CF-130D70DC5A5F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u291, 8u281, 11.0.10, 16; Java SE integrado: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 y 21.0.0.2. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o todos los datos accesibles de Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java que cargan y ejecutan código que no es confiable (p. Ej., Código que proviene de Internet) y dependen del sandbox de Java para su seguridad. CVSS 3.1 Puntuación Base 5.3 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)", }, ], id: "CVE-2021-2163", lastModified: "2024-11-21T06:02:30.933", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, ], }, published: "2021-04-22T22:15:13.093", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-05", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-26 05:15
Modified
2024-11-21 06:48
Severity ?
Summary
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "75F3B6C3-9C14-4576-BF39-4A1D774A0979", versionEndExcluding: "2.9.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "5B3F8579-F907-4E15-A4D6-1459A6687594", versionEndExcluding: "15.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "29151647-DA19-4B1B-B1CD-2E05A712F941", versionEndExcluding: "15.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "1632ED85-FDBF-4E46-AF1A-15594CC8E946", versionEndExcluding: "10.15.7", versionStartIncluding: "10.15.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*", matchCriteriaId: "89161D20-EB9C-4EC0-8D82-75B27CE49264", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*", matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*", matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*", matchCriteriaId: "3456176F-9185-4EE2-A8CE-3D989D674AB7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*", matchCriteriaId: "D337EE21-2F00-484D-9285-F2B0248D7A19", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*", matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*", matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*", matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*", matchCriteriaId: "156A6382-2BD3-4882-90B2-8E7CF6659E17", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*", matchCriteriaId: "49F537A0-DC42-4176-B22F-C80D179DD99D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "787E02EF-92F4-46E6-BB1E-0BF49C50A096", versionEndExcluding: "11.6.6", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "35154201-43EA-4C22-B0BA-D1A24C46D320", versionEndExcluding: "12.4", versionStartIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "4C98BE9E-8463-4CB9-8E42-A68DC0B20BD8", versionEndExcluding: "15.5", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "E8BAAD78-60FC-4EC3-B727-55F0C0969D6A", versionEndExcluding: "8.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", matchCriteriaId: "61D7EF01-F618-497F-9375-8003CEA3D380", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "FEA64107-8025-4DC7-8222-F898ADEC6864", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4F4637E5-3324-441D-94E9-C2DBE9A6B502", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "76CA1C43-5BEC-4ABF-9E0A-E55D6C8311AB", versionEndIncluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.", }, { lang: "es", value: "El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF.\n", }, ], id: "CVE-2022-23308", lastModified: "2024-11-21T06:48:22.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-26T05:15:08.280", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/34", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/36", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/37", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-03", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220331-0008/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213253", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213254", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213258", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220331-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213253", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213254", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "3C813A06-1A04-4DA9-956D-64839D617786", versionEndExcluding: "5.5.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.", }, { lang: "es", value: "Se detectó un problema en la función kmem_cache_alloc_bulk en el archivo mm/slub.c en el kernel de Linux versiones anteriores a 5.5.11. La slowpath carece del incremento de TID requerido, también se conoce como CID-fd4d9c7d0c71", }, ], id: "CVE-2020-29370", lastModified: "2024-11-21T05:23:55.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-28T07:15:11.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-21 15:15
Modified
2024-11-21 07:00
Severity ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "C9B6EB2C-EF9B-44AF-B083-BF59B8107801", versionEndExcluding: "1.0.2zf", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "5EAA5CAF-1DE6-4730-9E07-9E6594A5D6BF", versionEndExcluding: "1.1.1p", versionStartIncluding: "1.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "4188DBDA-354F-4939-904D-0A9F8A8AB703", versionEndExcluding: "3.0.4", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", matchCriteriaId: "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", versionEndExcluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", matchCriteriaId: "4664B195-AF14-4834-82B3-0B2C98020EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", matchCriteriaId: "75BC588E-CDF0-404E-AD61-02093A1DF343", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", matchCriteriaId: "A334F7B4-7283-4453-BAED-D2E01B7F8A6E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "759D1A24-B23B-404E-AD39-F18D7DBAD501", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*", matchCriteriaId: "80774A35-B0B8-4F9C-99CA-23849978D158", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D5CDADAB-72A5-4526-8432-E6C9AC56B29F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*", matchCriteriaId: "E64576DE-90F0-4F5E-9C82-AB745CFEDBB7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EF5AFE69-7990-4F80-9E63-D8AD58AA3A2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*", matchCriteriaId: "6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CAA3A789-79F7-4DC8-9722-3958A3162EB4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "18C138F0-706F-44A8-880E-133F66DE164A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CA79D39A-A5F2-4C44-A805-5113065F8C25", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*", matchCriteriaId: "4CA55FBD-6EBA-49C8-92BA-2B1BCCB18A3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "70ECC434-DF20-49A6-B4CF-D5CCA480E57D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*", matchCriteriaId: "232DC609-8023-41F9-8CE3-1B31CE2F2D93", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*", matchCriteriaId: "E5BAE3DB-F5EE-4AFB-A60E-FE8B809BDE66", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", }, { lang: "es", value: "Además de una inyección de comandos de shell c_rehash identificada en CVE-2022-1292, se encontraron otras circunstancias en las que el script c_rehash no sanea adecuadamente los metacaracteres de shell para evitar la inyección de comandos mediante la revisión del código. Cuando fue corregida la CVE-2022-1292 no ha sido detectado que se presentan otros lugares en el script en los que los nombres de archivo de los certificados a los que es aplicado el hash son pasados posiblemente a un comando ejecutado mediante el shell. Este script es distribuido por algunos sistemas operativos de manera que es ejecutado automáticamente. En dichos sistemas operativos, un atacante podría ejecutar comandos arbitrarios con los privilegios del script. El uso del script c_rehash es considerado obsoleto y debe ser sustituido por la herramienta de línea de comandos OpenSSL rehash. Corregido en OpenSSL versión 3.0.4 (Afectados 3.0.0,3.0.1,3.0.2,3.0.3). Corregido en OpenSSL versión 1.1.1p (Afectado 1.1.1-1.1.1o). Corregido en OpenSSL versión 1.0.2zf (Afectado 1.0.2-1.0.2ze)", }, ], id: "CVE-2022-2068", lastModified: "2024-11-21T07:00:16.017", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-21T15:15:09.060", references: [ { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20220621.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20220621.txt", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-08 05:15
Modified
2024-11-21 06:57
Severity ?
Summary
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220506-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220506-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| fedoraproject | fedora | 35 | |
| netapp | active_iq_unified_manager | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "3004D9BF-0093-4C9C-8560-F3E91AFAE409", versionEndExcluding: "5.17.1", versionStartIncluding: "5.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.", }, { lang: "es", value: "La función jbd2_journal_wait_updates en el archivo fs/jbd2/transaction.c en el kernel de Linux versiones anteriores a 5.17.1, presenta un uso de memoria previamente liberada causado por una condición de carrera transaction_t", }, ], id: "CVE-2022-28796", lastModified: "2024-11-21T06:57:57.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-08T05:15:07.067", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220506-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220506-0006/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2025-04-23 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 11.0 | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | bootstrap_os | - | |
| netapp | h300s | - | |
| netapp | h300s_firmware | - | |
| netapp | h500s | - | |
| netapp | h500s_firmware | - | |
| netapp | h700s | - | |
| netapp | h700s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410s_firmware | - | |
| apple | macos | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "A6ECDBA5-3DD5-4F58-9E05-14A4C7A4E44B", versionEndExcluding: "7.84.0", versionStartIncluding: "7.69.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "71E032AD-F827-4944-9699-BB1E6D4233FC", versionEndExcluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.", }, { lang: "es", value: "Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operación sea atómica al finalizar la operación con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operación de renombramiento, podría accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a más usuarios de los previstos", }, ], id: "CVE-2022-32207", lastModified: "2025-04-23T18:15:53.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-07-07T13:15:08.403", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1573634", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1573634", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-12 05:15
Modified
2024-11-21 07:02
Severity ?
Summary
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | 8300_firmware | - | |
| netapp | 8300 | - | |
| netapp | 8700_firmware | - | |
| netapp | 8700 | - | |
| netapp | a400_firmware | - | |
| netapp | a400 | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E0B62342-F287-4C6B-92AA-C1BC61DDAFFA", versionEndExcluding: "4.19.238", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8CB6E8F5-C2B1-46F3-A807-0F6104AC340F", versionEndExcluding: "5.4.189", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "6FB6A7BA-92AE-4423-9814-EBEED5876483", versionEndExcluding: "5.10.110", versionStartIncluding: "5.5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "27C42AE8-B387-43E2-938A-E1C8B40BE6D5", versionEndExcluding: "5.15.33", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D765FECA-B64D-4F49-9CD1-07C9337ADB2C", versionEndExcluding: "5.16.19", versionStartIncluding: "5.16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "210C679C-CF84-44A3-8939-E629C87E54BF", versionEndExcluding: "5.17.2", versionStartIncluding: "5.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4E73901F-666D-4D8B-BDFD-93DD2F70C74B", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*", matchCriteriaId: "D0FD5AED-42CF-4918-B32C-D675738EF15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*", matchCriteriaId: "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "04E3BD77-8915-4FFC-8483-5DB5D610F829", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*", matchCriteriaId: "97E94ECB-BB51-4364-BEDD-8648C193196F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.", }, { lang: "es", value: "El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP", }, ], id: "CVE-2022-30594", lastModified: "2024-11-21T07:02:59.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-12T05:15:06.657", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220707-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170362/Linux-PT_SUSPEND_SECCOMP-Permission-Bypass-Ptracer-Death-Race.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2276", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ee1fee900537b5d9560e9f937402de5ddc8412f3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220707-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5173", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-07 14:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| linux | linux_kernel | 5.1 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| redhat | enterprise_linux | 7.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | data_availability_services | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - | |
| netapp | aff_a700s_firmware | - | |
| netapp | aff_a700s | - | |
| netapp | fas8300_firmware | - | |
| netapp | fas8300 | - | |
| netapp | fas8700_firmware | - | |
| netapp | fas8700 | - | |
| netapp | aff_a400_firmware | - | |
| netapp | aff_a400 | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "49884052-E8FD-49E4-A9F3-D0964EB0AC31", versionEndExcluding: "4.4.180", versionStartIncluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DF6AB36D-D9AC-4381-88AF-CC4FDA5EC98E", versionEndExcluding: "4.9.172", versionStartIncluding: "4.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B3562ABD-4F11-4BD1-9BBD-417B7BC9BCF3", versionEndExcluding: "4.14.115", versionStartIncluding: "4.14", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "48FBE002-61C1-4569-B850-E15BD2DBA143", versionEndExcluding: "4.19.38", versionStartIncluding: "4.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C23FEFDF-76B5-46C0-9481-CE70EBDB7BFE", versionEndExcluding: "5.0.11", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "2258D313-BAF7-482D-98E0-79F2A448287B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*", matchCriteriaId: "1578A37C-C7CC-4B36-8668-6A1AED63B0A8", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*", matchCriteriaId: "49BD6839-AB64-48DA-9D1D-18B4508AF652", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*", matchCriteriaId: "A1E5129A-F85C-432A-988D-6C3ED03EC04D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*", matchCriteriaId: "0669A9F1-3BFF-4E5A-BEF7-9F2A627CEF03", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*", matchCriteriaId: "9CC18FCC-3F69-4A7E-9F29-4C4504E83B4D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*", matchCriteriaId: "12A5D914-5CEB-4D3F-A903-6F1FAD82A125", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.", }, { lang: "es", value: "Se detectó un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la función tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegación de servicio o posiblemente a otro impacto no especificado, también se conoce como CID -19fad20d15a6.", }, ], id: "CVE-2019-18805", lastModified: "2024-11-21T04:33:36.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-07T14:15:11.067", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0740", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "C157D010-3A81-4AAE-8FB6-51B559AF29B2", versionEndExcluding: "7.84.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "50FEE5FA-B141-4E5F-8673-363089262530", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "21A75847-54F1-453A-82D7-B6D2CB2DE7AA", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "EAC3EE40-4398-4337-B40E-8AACDF225BBF", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E00E02E5-109C-44E7-8C20-BFEE7C739ADC", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "8A79836B-5EC1-40AF-8A57-9657EF6758E5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E1BC85A6-386C-43E9-9266-50F8C53C7362", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "FCB9BD17-7F1F-42E9-831F-EB907F9BC214", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "10C7D54A-27B4-4195-8131-DD5380472A75", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*", matchCriteriaId: "E54AF1E6-0E52-447C-8946-18716D30EBE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", }, { lang: "es", value: "curl versiones anteriores a 7.84.0, soporta algoritmos de compresión HTTP \"encadenados\", lo que significa que una respuesta al servidor puede ser comprimida múltiples veces y potencialmente con diferentes algoritmos. El número de \"eslabones\" aceptables en esta \"cadena de descompresión\" era ilimitado, lo que permitía a un servidor malicioso insertar un número prácticamente ilimitado de pasos de compresión. El uso de una cadena de descompresión de este tipo podía resultar en una \"bomba de malloc\", haciendo que curl acabara gastando enormes cantidades de memoria de montón asignada, o intentando y devolviendo errores de memoria", }, ], id: "CVE-2022-32206", lastModified: "2024-11-21T07:05:55.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-07T13:15:08.340", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/15/3", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1570651", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/02/15/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1570651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-24 14:15
Modified
2024-11-21 07:27
Severity ?
Summary
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat_project | libexpat | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", matchCriteriaId: "262BCBEE-82AD-4ED4-A93E-9AE282BBE16C", versionEndIncluding: "2.4.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.", }, { lang: "es", value: "En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucción excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria", }, ], id: "CVE-2022-43680", lastModified: "2024-11-21T07:27:01.763", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-24T14:15:53.323", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/28/5", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/03/5", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/issues/649", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/pull/616", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/pull/650", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-38", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221118-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/28/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/03/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/issues/649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/pull/616", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/libexpat/libexpat/pull/650", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202210-38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221118-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5266", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-29 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 8.4 | |
| openbsd | openssh | 8.5 | |
| openbsd | openssh | 8.6 | |
| netapp | aff_a700s_firmware | - | |
| netapp | aff_a700s | - | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "B2452B84-EA8F-417B-90E9-9698BB2FC7AB", versionEndExcluding: "8.4", versionStartIncluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*", matchCriteriaId: "36402AC7-DE9D-4010-9C9D-2FB8B6E838A3", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*", matchCriteriaId: "EB4C3D47-8B47-4F0A-89D4-87D9474A99B0", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*", matchCriteriaId: "CB66ECE1-715A-4074-9355-E3512F7BCDBB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.", }, { lang: "es", value: "El lado del cliente en OpenSSH versiones 5.7 hasta 8.4, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a unos intentos iniciales de conexión (donde ninguna clave de host para el servidor ha sido almacenada en caché por parte del cliente) NOTA: algunos informes afirman que las versiones 8.5 y 8.6 también están afectadas.", }, ], id: "CVE-2020-14145", lastModified: "2024-11-21T05:02:44.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-29T18:15:11.940", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-35", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 15:15
Modified
2024-11-21 05:01
Severity ?
Summary
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", matchCriteriaId: "7B0C3C64-D3B1-4B06-B792-F2E07743D0FE", versionEndExcluding: "3.32.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*", matchCriteriaId: "72F1A960-EBA5-4BDB-B629-20F0D2384562", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*", matchCriteriaId: "3198F822-43F8-4CB3-97F7-C2982FDA5CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.", }, { lang: "es", value: "En el archivo ext/fts3/fts3_snippet.c en SQLite versiones anteriores a la versión 3.32.0, tiene una desreferencia del puntero NULL por medio de una consulta en la función matchinfo() especialmente diseñada.", }, ], id: "CVE-2020-13632", lastModified: "2024-11-21T05:01:38.473", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T15:15:13.007", references: [ { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://sqlite.org/src/info/a4dd148928ea65bd", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://sqlite.org/src/info/a4dd148928ea65bd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-15 17:15
Modified
2024-11-21 05:24
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_compute_node_bios | - | |
| netapp | hci_compute_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", matchCriteriaId: "98708CDE-265E-4841-B910-B632F7BAAC3E", versionEndIncluding: "4.14.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E8A46162-F812-454B-BEE5-86FFF334B713", versionEndExcluding: "4.2", versionStartIncluding: "4.1.44", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "44273AF8-4713-4313-BA5B-3449B436CA98", versionEndExcluding: "4.4.254", versionStartIncluding: "4.4.80", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "91C418A5-0374-4773-B165-F7BE27B8801C", versionEndExcluding: "4.9.249", versionStartIncluding: "4.9.36", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0F9F563E-A3F3-42B8-8439-C0B682A22AD8", versionEndExcluding: "4.12", versionStartIncluding: "4.11.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8EE40033-36B1-40CA-98BA-A7C929D96D20", versionEndExcluding: "4.14.213", versionStartIncluding: "4.12", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B30A823C-D837-4AD5-93D5-FB7EE26D5DF2", versionEndExcluding: "4.19.164", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FAB8E014-9956-4F69-A3BF-A952FE61DF4F", versionEndExcluding: "5.4.86", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CFEDD0B0-BD5D-45AA-A1E2-DB18D26E095D", versionEndExcluding: "5.10.4", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "7C61DF9A-ABDE-44A2-A060-B088428D5064", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones hasta 5.10.1, tal como es usado con Xen hasta 4.14.x. El backend del bloque PV del kernel de Linux espera que el controlador de subprocesos del kernel restablezca ring-)xenblkd a NULL cuando se detenga. Sin embargo, es posible que el controlador no tenga tiempo de ejecutarse si la interfaz alterna rápidamente entre los estados de conexión y desconexión. Como consecuencia, el backend del bloque puede reutiliza un puntero una vez liberado. Un invitado con mal comportamiento puede desencadenar un bloqueo de dom0 al conectar y desconectar continuamente una interfaz de bloque. No se puede descartar la escalada de privilegios y las fugas de información. Esto solo afecta a los Sistemas con un blkback de Linux", }, ], id: "CVE-2020-29569", lastModified: "2024-11-21T05:24:13.443", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-15T17:15:14.707", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-30", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4843", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://xenbits.xenproject.org/xsa/advisory-350.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://xenbits.xenproject.org/xsa/advisory-350.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "466E8514-77DE-442B-A416-897414E503AA", versionEndExcluding: "3.16.79", versionStartIncluding: "3.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FFFFB7E1-E073-4F1D-BE6C-47BC329AB8AB", versionEndExcluding: "4.4.201", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "07F85281-8267-466C-A6C2-316BB0201848", versionEndExcluding: "4.9.201", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F36AD3D1-719C-427A-B906-E8DA4D38A536", versionEndExcluding: "4.14.154", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "439D2F45-FE93-4C28-9BD9-4289B375BAAB", versionEndExcluding: "4.19.84", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "76866D41-FE21-4B5A-A2A0-DDBA43C04B9C", versionEndExcluding: "5.3.11", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", matchCriteriaId: "78C99571-0F3C-43E6-84B3-7D80E045EF8E", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.", }, { lang: "es", value: "Una pérdida de memoria en la función gs_can_open() en el archivo drivers/net/can/usb/gs_usb.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función usb_submit_urb(), también se conoce como CID -fb5be6a7b486.", }, ], id: "CVE-2019-19052", lastModified: "2024-11-21T04:34:04.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.827", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4226-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4227-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4227-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4228-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4228-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fb5be6a7b4863ecc44963bb80ca614584b6c7817", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4225-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4226-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4227-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4227-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4228-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4228-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4", versionEndIncluding: "5.6.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función sg_write, carece de una llamada a sg_remove_request en un determinado caso de fallo, también se conoce como CID-83c6f2390040.", }, ], id: "CVE-2020-12770", lastModified: "2024-11-21T05:00:15.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-09T21:15:11.163", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lkml.org/lkml/2020/4/13/870", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4411-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4412-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4413-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83c6f2390040f188cc25b270b4befeb5628c1aee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ES5C6ZCMALBEBMKNNCTBSLLSYGFZG3FF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IO5XIQSRI747P4RVVTNX7TUPEOCF4OPU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R54VC7B6MDYKP57AWC2HN7AUJYH62RKI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lkml.org/lkml/2020/4/13/870", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4411-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4412-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4413-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - | |
| oracle | sd-wan_edge | 8.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4", versionEndIncluding: "5.6.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", matchCriteriaId: "78C99571-0F3C-43E6-84B3-7D80E045EF8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones hasta 5.6.11. La función btree_gc_coalesce en el archivo drivers/md/bcache/btree.c, presenta un punto muerto si se produce un fallo de la operación de coalescencia.", }, ], id: "CVE-2020-12771", lastModified: "2024-11-21T05:00:15.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-09T21:15:11.210", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lkml.org/lkml/2020/4/26/87", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4462-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4463-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4465-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4483-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4485-1/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00071.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lkml.org/lkml/2020/4/26/87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4462-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4463-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4465-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4483-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4485-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2904AC-AD7A-498D-8619-CBB421E9165D", versionEndIncluding: "5.3.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", matchCriteriaId: "78C99571-0F3C-43E6-84B3-7D80E045EF8E", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.", }, { lang: "es", value: "Dos pérdidas de memoria en la función rtl_usb_probe() en el archivo drivers/net/wireless/realtek/rtlwifi/usb.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-3f9361695113.", }, ], id: "CVE-2019-19063", lastModified: "2024-11-21T04:34:06.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.547", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4285-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-2/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4285-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-11 05:15
Modified
2024-11-21 06:58
Severity ?
Summary
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| debian | debian_linux | 11.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "2A3398EE-92F2-4D11-AE56-12A63F3AF811", versionEndExcluding: "5.4.196", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "29E8F4A8-0245-410B-A451-FF3789D4811C", versionEndExcluding: "5.10.117", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DADAACF4-4A4D-4391-BC86-006141B25D65", versionEndExcluding: "5.15.41", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "ABBBA66E-0244-4621-966B-9790AF1EEB00", versionEndExcluding: "5.16.20", versionStartIncluding: "5.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AE420AC7-1E59-4398-B84F-71F4B4337762", versionEndExcluding: "5.17.3", versionStartIncluding: "5.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.", }, { lang: "es", value: "El subsistema SUNRPC en el kernel de Linux versiones hasta 5.17.2, puede llamar a xs_xprt_free antes de asegurarse de que los sockets están en el estado deseado", }, ], id: "CVE-2022-28893", lastModified: "2024-11-21T06:58:09.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-11T05:15:07.700", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/3", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/5", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220526-0002/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/11/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220526-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5161", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-08 16:15
Modified
2024-11-21 05:11
Severity ?
Summary
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "4D0947DA-4A07-4C73-9FE7-7666734C568B", versionEndExcluding: "1.0.2x", versionStartIncluding: "1.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "BFE3E95C-90F0-48C0-A737-28AD6AC2BDB8", versionEndExcluding: "1.1.1i", versionStartIncluding: "1.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "B5B4A191-44AE-4C35-9164-19237D2CF013", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "A543B4F8-149A-48AB-B388-AB7FA2ECAC18", versionEndIncluding: "8.2.3", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*", matchCriteriaId: "45F90ABB-2633-447C-B510-D63D9898BD67", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*", matchCriteriaId: "22822A0F-A2C4-427A-931F-428D2C010ECD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*", matchCriteriaId: "62A561CF-09BE-4EDB-AAB7-4B057C0B0E44", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*", matchCriteriaId: "58E8C3A9-1B8B-4D13-B0E9-DC620F619DD9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*", matchCriteriaId: "5C880943-5A11-483E-9DA8-88D1D487BAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*", matchCriteriaId: "ECF63433-30CC-4E0D-B66A-FD160111763B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*", matchCriteriaId: "662B8154-6FFA-4B63-B5AD-18B1CECB3AF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*", matchCriteriaId: "5F2BFCE3-D743-4AC6-8FEC-75CAF66BFB65", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*", matchCriteriaId: "B8D05530-BFC7-4652-B387-BC931F43AB5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*", matchCriteriaId: "A200B074-61AF-4E1D-8F96-A73BECF81BC4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*", matchCriteriaId: "83739D8B-EAA0-43CD-B0EB-278C2F65CA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*", matchCriteriaId: "2D3AD28E-4372-4B22-A0B9-B9BA7760E381", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*", matchCriteriaId: "4B317147-064A-4786-B3D6-CDE1653E067E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7582B307-3899-4BBB-B868-BC912A4D0109", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "61516569-C48F-4362-B334-8CA10EDB0EC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*", matchCriteriaId: "EC124081-4465-4A80-897A-1DAC1013915E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*", matchCriteriaId: "B2AFC7C4-9FCC-425B-A010-F9EA0665753F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*", matchCriteriaId: "FC109637-7BCA-4E9D-AC51-48D488E17E2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "937F66F5-F5BA-4156-82E0-EB2C99ABD41A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "BC0F8B31-F93B-40B6-9C06-A3996DC63829", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "4BCA7DD9-8599-4E43-9D82-999BE15483B9", versionEndExcluding: "9.2.5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "16DEEDB2-E304-41A3-97DB-EDDFB16BE624", versionEndIncluding: "8.0.22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "B4335442-548B-48AB-A399-DB146C6A8705", versionEndIncluding: "5.7.32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "B7EAD39D-A892-4667-89D9-F66A33EAF9B7", versionEndIncluding: "8.0.22", versionStartIncluding: "8.0.15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5356D8E0-38AB-44F2-BA0A-F884C92222D1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:ef600a:-:*:*:*:*:*:*:*", matchCriteriaId: "44824034-DB0C-47AC-A32F-1EA373F30A61", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0D5DE972-F8B8-4964-943A-DA0BD18289D1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*", matchCriteriaId: "D4B1F59C-6ADA-4930-834F-2A8A8444F6AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "4ACF85D6-6B45-43DA-9C01-F0208186F014", versionEndExcluding: "6.0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "A87E730E-019C-4DCB-BA73-3994ECEF0C66", versionEndExcluding: "5.13.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "25A3180B-21AF-4010-9DAB-41ADFD2D8031", versionEndIncluding: "10.12.0", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "33081E31-5166-4064-91AA-951F5CD930D3", versionEndExcluding: "10.23.1", versionStartIncluding: "10.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "564ED5C8-50D7-413A-B88E-E62B6C07336A", versionEndIncluding: "12.12.0", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "58879E00-2C36-4C1B-9993-2422346624D3", versionEndExcluding: "12.20.1", versionStartIncluding: "12.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "428DCD7B-6F66-4F18-B780-5BD80143D482", versionEndIncluding: "14.14.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "2F2D8EEB-7A9E-472A-B820-A3C33CB93B61", versionEndExcluding: "14.15.4", versionStartIncluding: "14.15.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "1A868E7E-C25A-4B2A-BB37-7F2584ECB2D4", versionEndExcluding: "15.5.0", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", }, { lang: "es", value: "El tipo GeneralName X.509 es un tipo genérico para representar diferentes tipos de nombres. Uno de esos tipos de nombres se conoce como EDIPartyName. OpenSSL proporciona una función GENERAL_NAME_cmp que compara diferentes instancias de GENERAL_NAME para ver si son iguales o no. Esta función se comporta incorrectamente cuando ambos GENERAL_NAME contienen un EDIPARTYNAME. Es posible que se produzca una desreferencia del puntero NULL y un bloqueo que conduzca a un posible ataque de denegación de servicio. El propio OpenSSL usa la función GENERAL_NAME_cmp para dos propósitos: 1) Comparación de nombres de puntos de distribución de CRL entre una CRL disponible y un punto de distribución de CRL insertado en un certificado X509 2) Al comparar que un firmante de token de respuesta de marca de tiempo coincide con el nombre de autoridad de marca de tiempo (expuesto por medio de las funciones API TS_RESP_verify_response y TS_RESP_verify_token) Si un atacante puede controlar ambos elementos que se están comparando, entonces ese atacante podría desencadenar un bloqueo. Por ejemplo, si el atacante puede engañar a un cliente o servidor para que compruebe un certificado malicioso con una CRL maliciosa, esto puede ocurrir. Tome en cuenta que algunas aplicaciones descargan automáticamente las CRL basadas en una URL insertada en un certificado. Esta comprobación ocurre antes de que se verifiquen las firmas en el certificado y la CRL. Las herramientas s_server, s_client y verify de OpenSSL tienen soporte para la opción \"-crl_download\" que implementa la descarga automática de CRL y se ha demostrado que este ataque funciona contra esas herramientas. Tome en cuenta que un error no relacionado significa que las versiones afectadas de OpenSSL no pueden analizar ni construir codificaciones correctas de EDIPARTYNAME. Sin embargo, es posible construir un EDIPARTYNAME malformado que el analizador de OpenSSL aceptará y, por lo tanto, desencadenará este ataque. Todas las versiones de OpenSSL 1.1.1 y 1.0.2 están afectadas por este problema. Otras versiones de OpenSSL no son compatibles y no se han comprobado. Corregido en OpenSSL versiones 1.1.1i (Afectado versiones 1.1.1-1.1.1h). Corregido en OpenSSL versiones 1.0.2x (Afectado versiones 1.0.2-1.0.2w). Sin embargo, es posible construir un EDIPARTYNAME malformado que el analizador de OpenSSL aceptará y, por lo tanto, desencadenará este ataque. Todas las versiones de OpenSSL 1.1.1 y 1.0.2 están afectadas por este problema. Otras versiones de OpenSSL no son compatibles y no se han comprobado. Corregido en OpenSSL versión 1.1.1i (Afectada versión 1.1.1-1.1.1h). Corregido en OpenSSL versión 1.0.2x (Afectada versión 1.0.2-1.0.2w). Sin embargo, es posible construir un EDIPARTYNAME malformado que el analizador de OpenSSL aceptará y, por lo tanto, desencadenará este ataque. Todas las versiones de OpenSSL 1.1.1 y 1.0.2 están afectadas por este problema. Otras versiones de OpenSSL no son compatibles y no se han comprobado. Corregido en OpenSSL versión 1.1.1i (Afectada versión 1.1.1-1.1.1h). Corregido en OpenSSL versión 1.0.2x (Afectada versión 1.0.2-1.0.2w)", }, ], id: "CVE-2020-1971", lastModified: "2024-11-21T05:11:45.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-08T16:15:11.730", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", }, { source: "openssl-security@openssl.org", url: "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E", }, { source: "openssl-security@openssl.org", url: "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-13", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0005/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { source: "openssl-security@openssl.org", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4807", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20201208.txt", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-09", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/09/14/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201218-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20201208.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2020-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2021-10", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-17 13:15
Modified
2025-04-03 20:28
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
References
Impacted products
{ cisaActionDue: "2022-06-10", cisaExploitAdd: "2021-12-10", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Linux Kernel Improper Privilege Management Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AA88B130-CD8A-4E14-A1F5-4D1DB031D60E", versionEndExcluding: "3.16.71", versionStartIncluding: "3.16.52", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CD709672-0E6A-4086-8700-B6C2FDD8599C", versionEndExcluding: "4.2", versionStartIncluding: "4.1.39", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "19FB5FC5-740B-418F-B83A-3EA6095270C0", versionEndExcluding: "4.4.185", versionStartIncluding: "4.4.40", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "66431BA1-01B5-476A-B483-AE4E7B830BA7", versionEndExcluding: "4.9", versionStartIncluding: "4.8.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8A719867-AEB7-4E95-A1DE-B96EA092D9FE", versionEndExcluding: "4.9.185", versionStartIncluding: "4.9.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "00D95A2F-5B17-46D9-80D7-2E0D1779C2CE", versionEndExcluding: "4.14.133", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F921620B-E2A7-421F-8C89-016C51723C17", versionEndExcluding: "4.19.58", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7049E422-0D4B-45FD-8B06-04BACD44A66E", versionEndExcluding: "5.1.17", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", matchCriteriaId: "B3293E55-5506-4587-A318-D1734F781C09", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:7.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "AA559D29-DF65-48AF-96DB-D20A50474758", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "2148300C-ECBD-4ED5-A164-79629859DD43", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", matchCriteriaId: "CBF9BCF3-187F-410A-96CA-9C47D3ED6924", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*", matchCriteriaId: "782C86CD-1B68-410A-A096-E5170AD24DA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "77C61DDC-81F3-4E2D-9CAA-17A256C85443", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "B6B0DA79-DF12-4418-B075-F048C9E2979A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6D5DE3C5-B090-4CE7-9AF2-DEB379D7D5FC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "DF7275A1-8853-469E-939B-7533E9E8C499", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B92409A9-0D6B-4B7E-8847-1B63837D201F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "C5C5860E-9FEB-4259-92FD-A85911E2F99E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "CCE99A08-D6F7-4937-8154-65062BC88009", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "665DF1D3-EB88-4A17-B888-3B3CE298269B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.", }, { lang: "es", value: "En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). Un factor que contribuye es un problema de vida útil del objeto (que también puede causar un pánico). Otro factor que contribuye es el marcado incorrecto de una relación de ptrace como privilegiada, que puede ser explotada mediante (por ejemplo) el ayudante pkexec de Polkit con PTRACE_TRACEME. NOTA: deny_ptrace de SELinux puede ser una solución útil en algunos entornos.", }, ], id: "CVE-2019-13272", lastModified: "2025-04-03T20:28:35.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-07-17T13:15:10.687", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153663/Linux-PTRACE_TRACEME-Broken-Permission-Object-Lifetime-Handling.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154957/Linux-Polkit-pkexec-Helper-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156929/Linux-PTRACE_TRACEME-Local-Root.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2405", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2411", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1730895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1140671", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGRK5LYWBJ4E4SRI4DKX367NHYSI3VOH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jul/33", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190806-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91025336?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4093-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4094-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4095-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4117-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4118-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4484", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911441 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF09EA1-994B-4950-B853-1FB4F936A162", versionEndExcluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, { lang: "es", value: "Se presenta un fallo en el archivo /bfd/pef.c de binutils. Un atacante que sea capaz de enviar un archivo de entrada diseñado para que sea procesado por el programa objdump podría causar una desreferencia del puntero null. La mayor amenaza de este fallo es la disponibilidad de la aplicación. Este fallo afecta a binutils versiones anteriores a la 2.34.", }, ], id: "CVE-2020-35495", lastModified: "2024-11-21T05:27:25.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T15:15:13.667", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911444 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911444 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF09EA1-994B-4950-B853-1FB4F936A162", versionEndExcluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.", }, { lang: "es", value: "Se presenta un fallo en la función bfd_pef_scan_start_address() del archivo bfd/pef.c en binutils que podría permitir que un atacante que puede enviar un archivo diseñado para ser procesado por objdump cause una desreferencia del puntero NULL. La mayor amenaza de este fallo es la disponibilidad de la aplicación. Este fallo afecta a binutils versiones anteriores a la 2.34.", }, ], id: "CVE-2020-35496", lastModified: "2024-11-21T05:27:25.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T15:15:14.323", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-08 15:15
Modified
2024-11-21 04:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| opensuse | leap | 15.1 | |
| netapp | active_iq_unified_manager | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "5835B8E0-83CB-4B09-A21A-3CB59AF41F62", versionEndExcluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.", }, { lang: "es", value: "Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condición de carrera entre la liberación de ptp_clock y cdev durante la desasignación de recursos. Cuando un proceso (muy privilegiado) asigna un archivo de dispositivo ptp (como /dev/ptpX) y voluntariamente se va a dormir. Durante este tiempo, si el dispositivo subyacente es removido, puede causar una condición explotable a medida que el proceso se activa para terminar y limpiar todos los archivos adjuntos. El sistema se bloquea debido a que la estructura cdev no está siendo válida (ya que se ha liberado), lo cual señala el inode.", }, ], id: "CVE-2020-10690", lastModified: "2024-11-21T04:55:51.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.6, impactScore: 5.9, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-08T15:15:11.880", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-30 01:15
Modified
2024-11-21 04:34
Severity ?
Summary
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E2016EDA-9D6F-4284-B0C4-C6AC4E2D3C25", versionEndIncluding: "5.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.", }, { lang: "es", value: "La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu.", }, ], id: "CVE-2019-19462", lastModified: "2024-11-21T04:34:47.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-30T01:15:10.383", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "cve@mitre.org", url: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4425-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4439-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4440-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/lkml/20191129013745.7168-1-dja%40axtens.net/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210129-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=1c09906c83a8ea811a9e318c2a4f8e243becc6f8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://syzkaller-ppc64.appspot.com/bug?id=b05b4d005191cc375cdf848c3d4d980308d50531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://syzkaller.appspot.com/bug?id=e4265490d26d6c01cd9bc79dc915ef0a1bf15046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://syzkaller.appspot.com/bug?id=f4d1cb4330bd3ddf4a628332b4285407b2eedd7b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4425-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4439-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4440-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-19 18:15
Modified
2024-11-21 07:08
Severity ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*", matchCriteriaId: "E406791B-F9FD-4E3F-831C-296D8F8FF9BE", versionEndIncluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9", versionEndIncluding: "11.0.15", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539", versionEndIncluding: "13.0.11", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08", versionEndIncluding: "15.0.7", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053", versionEndIncluding: "17.0.3", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*", matchCriteriaId: "4E4633C4-E552-439D-8FE4-139E3A7956CD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*", matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*", matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*", matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*", matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*", matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*", matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*", matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", }, { lang: "es", value: "La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar código de bytes Java arbitrario. El proyecto Apache Xalan Java está inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecución de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan.", }, ], id: "CVE-2022-34169", lastModified: "2024-11-21T07:08:59.400", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-19T18:15:11.740", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "security@apache.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "security@apache.org", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "security@apache.org", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/19/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/07/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/10/18/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/04/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/07/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-681", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911439 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911439 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF09EA1-994B-4950-B853-1FB4F936A162", versionEndExcluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.", }, { lang: "es", value: "Se presenta un fallo en el archivo /opcodes/tic4x-dis.c de binutils. Un atacante que puede enviar un archivo de entrada diseñado para que sea procesado por binutils podría causar el uso de la memoria no inicializada. La mayor amenaza es la disponibilidad de la aplicación con una menor amenaza para la confidencialidad de los datos. Este fallo afecta a binutils versiones anteriores a la 2.34.", }, ], id: "CVE-2020-35494", lastModified: "2024-11-21T05:27:25.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T15:15:13.200", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-908", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.5 | |
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | java_se | 7u331 | |
| oracle | java_se | 8u321 | |
| oracle | java_se | 11.0.14 | |
| oracle | java_se | 17.0.2 | |
| oracle | java_se | 18 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_web_services | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | santricity_unified_manager | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| azul | zulu | 6.45 | |
| azul | zulu | 7.52 | |
| azul | zulu | 8.60 | |
| azul | zulu | 11.54 | |
| azul | zulu | 13.46 | |
| azul | zulu | 15.38 | |
| azul | zulu | 17.32 | |
| azul | zulu | 18.28 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*", matchCriteriaId: "C15F860C-6B33-4950-B443-E2A7D4639573", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*", matchCriteriaId: "696E27A2-34A2-49A8-BEF4-61718D11DD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "00AC1B6D-9156-40A3-B606-845CCC33D724", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*", matchCriteriaId: "022EC03C-1574-4421-9AB7-0EEF0D089322", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*", matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 3.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)", }, ], id: "CVE-2022-21443", lastModified: "2024-11-21T06:44:42.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, ], }, published: "2022-04-19T21:15:15.800", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "secalert_us@oracle.com", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-10 14:15
Modified
2024-11-21 05:17
Severity ?
Summary
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F72C1942-EBF5-487F-886A-4EC86F75CB71", versionEndExcluding: "5.8.7", versionStartIncluding: "5.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.", }, { lang: "es", value: "La función get_gate_page en el archivo mm/gup.c en el kernel de Linux versiones 5.7.x y versiones 5.8.x anteriores a 5.8.7, permite una escalada de privilegios debido al conteo de referencias incorrecto (causado por el manejo inapropiado de una página de puerta) de la página de estructura que respalda la página vsyscall. El resultado es un subdesbordamiento del conteo. Esto puede ser desencadenado por cualquier proceso de 64 bits que pueda usar las funciones ptrace() o process_vm_readv(), también se conoce como CID-9fa2dd946743", }, ], id: "CVE-2020-25221", lastModified: "2024-11-21T05:17:41.827", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-10T14:15:17.590", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/09/10/4", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201001-0003/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/09/08/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/09/10/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/linus/8891adc61dce2a8a41fc0c23262b681c3ec4b73a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201001-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2020/09/08/4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-672", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | jdk | 17.0.2 | |
| oracle | jdk | 18 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights | - | |
| netapp | e-series_santricity_os_controller | 11.0 | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_web_services | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | santricity_unified_manager | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| azul | zulu | 15.38 | |
| azul | zulu | 17.32 | |
| azul | zulu | 18.28 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A29CF53D-7DDC-4B60-8232-6C173083101F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*", matchCriteriaId: "FBA091EC-B5A9-468D-B99C-BB6F333E7B64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*", matchCriteriaId: "26FCA75B-4282-4E0F-95B4-640A82C8E91C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*", matchCriteriaId: "680ECEAE-D73F-47D2-8AF8-7704469CF3EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*", matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Bibliotecas). Las versiones afectadas son Oracle Java SE: 17.0.2 y 18; Oracle GraalVM Enterprise Edition: 21.3.1 y 22.0.0.2. La vulnerabilidad fácilmente explotable permite a un atacante no autentificado con acceso a la red a través de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creación no autorizada, la eliminación o el acceso a la modificación de datos críticos o todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con caja de arena, que cargan y ejecutan código no fiable (por ejemplo, código procedente de Internet) y que dependen de la caja de arena de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, a través de un servicio web que suministra datos a las APIs. Puntuación de base CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)", }, ], id: "CVE-2022-21449", lastModified: "2024-11-21T06:44:43.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2022-04-19T21:15:16.127", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/3", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/4", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/5", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/6", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/7", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/29/1", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/1", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/3", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/4", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/1", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/2", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/02/1", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/28/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/29/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/04/30/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/05/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", matchCriteriaId: "61666FBE-C3B7-4449-89C3-07288182D638", versionEndExcluding: "7.74.0", versionStartIncluding: "7.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4BC4299D-05D3-4875-BC79-C3DC02C88ECE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E97851-4DFF-4852-A339-183331F4ACBC", versionEndExcluding: "10.14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", versionEndExcluding: "10.15.7", versionStartIncluding: "10.15", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", matchCriteriaId: "63940A55-D851-46EB-9668-D82BEFC1FE95", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "68C7A97A-3801-44FA-96CA-10298FA39883", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", matchCriteriaId: "6D69914D-46C7-4A0E-A075-C863C1692D33", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "9CDB4476-B521-43E4-A129-8718A8E0A8CD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", matchCriteriaId: "C1C795B9-E58D-467C-83A8-2D45C792292F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "4E699CCC-31F5-458E-A59C-79B3AF143747", versionEndExcluding: "11.3", versionStartIncluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB5D4C9-DA14-4188-9181-17336F9445F6", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90B7CFBF-761C-4EAA-A322-EF5E294AADED", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A107698C-9C63-44A9-8A2B-81EDD5702B4C", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC0460E-4695-44FB-99EE-28B2C957B760", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD54A092-85A7-4459-9C69-19E6E24AC24B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "416B805F-799A-4466-AC5A-93D083A2ABBD", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", }, { lang: "es", value: "curl versiones 7.21.0 hasta 7.73.0 e incluyéndola, es vulnerable a una recursividad no controlada debido a un problema de desbordamiento de la pila en el análisis de coincidencias del comodín FTP", }, ], id: "CVE-2020-8285", lastModified: "2024-11-21T05:38:39.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T20:15:13.983", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8285.html", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/curl/curl/issues/6255", }, { source: "support@hackerone.com", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1045844", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8285.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/curl/curl/issues/6255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1045844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-674", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-29 18:15
Modified
2024-11-21 04:59
Severity ?
Summary
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4F9567FB-F394-443B-9A95-1DA060A9CCA6", versionEndExcluding: "3.16.85", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "37309B4F-90F2-4B13-A8F4-5A9F0FE59052", versionEndExcluding: "4.4.221", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "89728144-CE11-450A-A8ED-3C0606DB6806", versionEndExcluding: "4.9.221", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1E600389-8ACB-4C7B-A74A-3A8343ACE6D4", versionEndExcluding: "4.14.178", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6", versionEndExcluding: "4.19.119", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0ABDE4F3-29C6-459E-B0B7-751B93447AF0", versionEndExcluding: "5.4.36", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D62C084A-6676-40AF-868A-D90CDFAB7DDD", versionEndExcluding: "5.6.8", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", matchCriteriaId: "27227B35-932A-4035-B39F-6A455753C0D6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", matchCriteriaId: "489D20B9-166F-423D-8C48-A23D3026E33B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", matchCriteriaId: "A4AD592C-222D-4C6F-B176-8145A1A5AFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", matchCriteriaId: "8603654B-A8A9-4DEB-B0DD-C82E1C885749", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*", matchCriteriaId: "78BE572F-45C1-467F-918F-FB1276F6B495", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*", matchCriteriaId: "646FFC2B-6DC4-4BD8-AAE0-81895D397700", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", matchCriteriaId: "C855C933-F271-45E6-8E85-8D7CF2EF1BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*", matchCriteriaId: "855D6A52-F96F-4CA0-A59C-4D42173F22E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.", }, { lang: "es", value: "a función usb_sg_cancel en el archivo drivers/usb/core/message.c en el kernel de Linux versiones anteriores a la versión 5.6.8, tiene un uso de la memoria previamente liberada porque se produce una transferencia sin una referencia, también se conoce como CID-056ad39ee925.", }, ], id: "CVE-2020-12464", lastModified: "2024-11-21T04:59:45.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-29T18:15:13.597", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://lkml.org/lkml/2020/3/23/52", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://patchwork.kernel.org/patch/11463781/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4387-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4388-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4389-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4390-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://usn.ubuntu.com/4391-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=056ad39ee9253873522f6469c3364964a322912b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/056ad39ee9253873522f6469c3364964a322912b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://lkml.org/lkml/2020/3/23/52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://patchwork.kernel.org/patch/11463781/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4387-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4388-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4389-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4390-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://usn.ubuntu.com/4391-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.debian.org/security/2020/dsa-4699", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "22BF102C-6F4F-4F6F-BDC4-CA17FDC10DF5", versionEndExcluding: "5.3.16", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "989D0C5E-C0BF-49D8-86E2-91A93238FD1E", versionEndExcluding: "5.4.3", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.5:rc1:*:*:*:*:*:*", matchCriteriaId: "17CCD88F-373D-4BB5-B62E-8B55B05E2C31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1.", }, { lang: "es", value: "Una pérdida de memoria en la función crypto_reportstat() en el archivo crypto/crypto_user_stat.c en el kernel de Linux versiones hasta 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función crypto_reportstat_alg(), también se conoce como CID-c03b04dcdba1.", }, ], id: "CVE-2019-19050", lastModified: "2024-11-21T04:34:04.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.700", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4258-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/c03b04dcdba1da39903e23cc4d072abf8f68f2dd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4258-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-12 18:15
Modified
2024-11-21 05:39
Severity ?
Summary
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:microcode:-:*:*:*:*:*:*:*", matchCriteriaId: "B78FF9EC-BB2A-4352-9BE7-EFA749C99A9D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*", matchCriteriaId: "6DAA00D4-A8AA-44AA-9609-0A40BD4FB2E0", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*", matchCriteriaId: "EF64D95C-653A-4864-A572-CD0A64B6CDF3", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*", matchCriteriaId: "30B2F570-1DD9-49C7-BB72-0EA0E9A417C4", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*", matchCriteriaId: "2C60AF0D-983D-454E-8940-209C471DC041", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*", matchCriteriaId: "9F26C6DA-ED6B-444A-A63A-5155FCA4F0DB", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*", matchCriteriaId: "B0D9B687-C3EE-4AF5-B9BE-7F0698D0F258", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*", matchCriteriaId: "114DF43C-839F-4066-AA30-8DC16B1D6687", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*", matchCriteriaId: "F5F6F725-217C-48FF-86DD-E91A24156121", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*", matchCriteriaId: "365696BF-CE3D-4CE6-92A8-413DDE43774E", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*", matchCriteriaId: "BE048AEB-094D-4102-9DBF-488FEB53FF89", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*", matchCriteriaId: "3907FA31-6F1A-45BA-ACF3-1C8EE05D9BA0", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*", matchCriteriaId: "D48D9F5F-95BD-4F6B-8A37-D1CAA7D2DB25", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1130g7:-:*:*:*:*:*:*:*", matchCriteriaId: "158CC66D-32E5-4396-8E5D-4D90EE9AB62C", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i5-1135g7:-:*:*:*:*:*:*:*", matchCriteriaId: "E84F0381-296A-408E-90D4-A316EE894A9D", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*", matchCriteriaId: "B6CDC1BE-6A64-425C-AF2C-7DFB28FB604A", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*", matchCriteriaId: "2243674B-E505-4FED-B063-953A1569EA30", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i7-1160g7:-:*:*:*:*:*:*:*", matchCriteriaId: "D8F5409D-23C7-4CA9-951C-8EEEAE31DFDE", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i7-1165g7:-:*:*:*:*:*:*:*", matchCriteriaId: "5601E40A-96E1-4321-9682-055A1C607488", vulnerable: false, }, { criteria: "cpe:2.3:h:intel:core_i7-1185g7:-:*:*:*:*:*:*:*", matchCriteriaId: "12ADA9A2-6E64-4F17-B369-816639F0D3BF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "7C61DF9A-ABDE-44A2-A060-B088428D5064", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_storage_node_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "17C3B32E-E1F2-446A-B8AE-5F3E285BD5B2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "C3BCF7CA-6C05-4FD5-A965-0F038F63D70A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "B4588E5F-58E1-4C82-9551-8EAD5FFE08B3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F5320759-AAAB-4FEA-99AB-51A7F7EE9F58", versionEndExcluding: "22.01.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*", matchCriteriaId: "506DEE00-30D2-4E29-9645-757EB8778C0F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "480C5657-5C05-40F5-B76A-E67119727ED8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*", matchCriteriaId: "8F3C3E60-7C36-4F5D-B454-97C9D0FD9459", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8F6CA254-45AF-497D-9D1D-0CF4A8922883", versionEndExcluding: "21.01.15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*", matchCriteriaId: "A40D0CDB-7BE6-491F-B730-3B4E10CA159A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5AECF7C4-3FF7-4663-A49C-9DB91BA5C28E", versionEndExcluding: "21.01.15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*", matchCriteriaId: "FDF9D4C3-1892-48FA-95B4-835B636A4005", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26B17683-E061-4CB9-BB8E-9EC8612DA1A1", versionEndExcluding: "21.01.15", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*", matchCriteriaId: "3FC5CE20-7D08-4496-A857-C3A4BD0AB1AC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "6779ADD8-298D-4FF4-8AD3-82E995B2E144", versionEndExcluding: "25.02.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*", matchCriteriaId: "9D9AF082-8345-4BE1-B1FC-6E0316BB833B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5D3BECCA-5783-4B3C-B659-21160B4D2726", versionEndExcluding: "25.02.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*", matchCriteriaId: "E430C4C5-D887-47C6-B50F-66EEE9519151", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BF2E9EAA-2D26-4271-B2A3-CA3BB71D0149", versionEndExcluding: "25.02.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*", matchCriteriaId: "5F9FA42D-B2F0-456F-89B7-6A5789787FBA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C5CB316-59B9-4DDB-A8B8-14D8BCD991CE", versionEndExcluding: "25.02.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*", matchCriteriaId: "1157418C-14C4-43C4-B63E-7E98D868A94F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4ABF49D4-34CE-4DEA-AA2E-A40A53472D1F", versionEndExcluding: "23.01.08", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*", matchCriteriaId: "187C6D51-5B86-484D-AE0F-26D1C9465580", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", }, { lang: "es", value: "Un aislamiento inapropiado de los recursos compartidos en algunos Intel® Processors, puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un acceso local", }, ], id: "CVE-2020-8698", lastModified: "2024-11-21T05:39:17.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-12T18:15:16.783", references: [ { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html", }, { source: "secure@intel.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201113-0006/", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201113-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-05 07:15
Modified
2024-11-21 07:14
Severity ?
Summary
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*", matchCriteriaId: "59A031AE-1A48-4E95-A632-B0CBD2A8048D", versionEndIncluding: "1.2.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", matchCriteriaId: "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "46D91788-9173-4FA2-A956-18286461B859", versionEndExcluding: "15.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "0C42DEF1-164C-42F0-932E-A6B2F4CD8557", versionEndExcluding: "15.7.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "707AECD3-BB9B-4AFA-8D87-FDFB79A9EB89", versionEndExcluding: "16.1", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "D832A844-E337-4151-83EF-FAEF32377223", versionEndExcluding: "11.7.1", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "5A9B7134-E932-4E1C-81D8-A87C3FC1F685", versionEndExcluding: "12.6.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "32BABE0E-193A-4A4D-96E9-84BB48649C9A", versionEndExcluding: "9.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "EFA72DD0-7FAB-4D00-8D9D-5F8527DB9995", versionEndExcluding: "3.7.34", versionStartIncluding: "3.7.31", vulnerable: true, }, { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "1206C911-91FF-4E9A-820C-6635CAB523C1", versionEndExcluding: "3.11.22", versionStartIncluding: "3.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "39D11018-C7F4-4BCB-A295-5296F8CB8F0B", versionEndExcluding: "4.3.16", versionStartIncluding: "4.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "DF87CF3B-17D9-4B12-86FD-DD1633177BA9", versionEndExcluding: "4.6.3", versionStartIncluding: "4.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", }, { lang: "es", value: "zlib versiones hasta 1.2.12, presenta una lectura excesiva de búfer en la región heap de la memoria o desbordamiento de búfer en el archivo inflate.c por medio de un campo extra del encabezado gzip. NOTA: sólo están afectadas las aplicaciones que llaman a inflateGetHeader. Algunas aplicaciones comunes agrupan el código fuente de zlib afectado pero pueden ser incapaces de llamar a inflateGetHeader (por ejemplo, véase la referencia nodejs/node)", }, ], id: "CVE-2022-37434", lastModified: "2024-11-21T07:14:59.070", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-05T07:15:07.240", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/37", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/38", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/05/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/09/1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/curl/curl/issues/9271", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ivd38/zlib_overflow", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0005/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230427-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213489", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213490", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213491", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213493", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213494", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/38", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/05/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/08/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/curl/curl/issues/9271", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ivd38/zlib_overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20230427-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5218", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2904AC-AD7A-498D-8619-CBB421E9165D", versionEndIncluding: "5.3.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.", }, { lang: "es", value: "Dos fugas de memoria en la función mwifiex_pcie_init_evt_ring() en el archivo drivers/net/wireless/marvell/mwifiex/pcie.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función mwifiex_map_pci_memory(), también se conoce como CID-d10dcb615c8e.", }, ], id: "CVE-2019-19057", lastModified: "2024-11-21T04:34:05.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.140", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4285-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/d10dcb615c8e29d403a24d35f8310a7a53e3050c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4254-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4284-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4285-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4287-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-03 19:15
Modified
2024-11-21 06:38
Severity ?
Summary
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "006C09FF-C563-403E-8723-2A252C409D82", versionEndExcluding: "4.9.301", versionStartIncluding: "2.6.24", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C53477E7-1AB3-4CCB-BA3A-8CA6D288B41B", versionEndExcluding: "4.14.266", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E67EAACB-63BB-41E7-9FE0-EC45ECD8CFD0", versionEndExcluding: "4.19.229", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B42832A3-1D9B-4BE0-8D4C-3AF681B52D98", versionEndExcluding: "5.4.177", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FB2BE440-BF07-4C49-9A0C-A63E4FA103A1", versionEndExcluding: "5.10.97", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C68FC5B4-CC13-45E9-8050-EF9025F7A9B7", versionEndExcluding: "5.15.20", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "6739D89E-32C3-479D-B5F6-6865C5061FA5", versionEndExcluding: "5.16.6", versionStartIncluding: "5.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", matchCriteriaId: "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*", matchCriteriaId: "E6E34B23-78B4-4516-9BD8-61B33F4AC49A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*", matchCriteriaId: "93A089E2-D66E-455C-969A-3140D991BAF4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder:8.2:*:*:*:*:*:*:*", matchCriteriaId: "AF2FF4AA-3027-4F30-9F2A-3E820BBA8BF0", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "5F48D0CB-CB06-4456-B918-6549BC6C7892", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.2:*:*:*:*:*:*:*", matchCriteriaId: "5F15192F-C162-4D4F-ABBC-7CE66BD923A2", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", matchCriteriaId: "87C21FE1-EA5C-498F-9C6C-D05F91A88217", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*", matchCriteriaId: "4AE1552C-9398-4952-AD8C-777DF9587043", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", matchCriteriaId: "47811209-5CE5-4375-8391-B0A7F6A0E420", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*", matchCriteriaId: "2FD90EA8-3C35-48E1-A3B5-FEB6E3207E62", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C5C134ED-8708-42B5-8138-AEA47ED9CBB6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "77C61DDC-81F3-4E2D-9CAA-17A256C85443", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.0:*:*:*:*:*:*:*", matchCriteriaId: "5C3BAE34-5AFC-4EED-B6C0-5CC47CDFB416", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B92409A9-0D6B-4B7E-8847-1B63837D201F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", matchCriteriaId: "48C2E003-A71C-4D06-B8B3-F93160568182", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3921C1CF-A16D-4727-99AD-03EFFA7C91CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", matchCriteriaId: "359012F1-2C63-415A-88B8-6726A87830DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada", }, ], id: "CVE-2022-0492", lastModified: "2024-11-21T06:38:46.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-03T19:15:08.633", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051505", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220419-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5095", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220419-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-01 18:15
Modified
2024-11-21 05:50
Severity ?
Summary
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - | |
| debian | debian_linux | 9.0 | |
| siemens | sinec_infrastructure_network_services | * | |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
| oracle | essbase | 21.2 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", matchCriteriaId: "E7911980-1217-467C-8423-6D8928FACF70", versionEndIncluding: "7.75.0", versionStartIncluding: "7.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", }, { lang: "es", value: "curl versiones 7.1.1 hasta 7.75.0 incluyéndola, es vulnerable a una \"Exposure of Private Personal Information to an Unauthorized Actor\" al filtrar credenciales en el encabezado HTTP Referer:. libcurl no elimina las credenciales de usuario de la URL cuando completa automáticamente el campo de encabezado de petición HTTP Referer: en peticiones HTTP salientes y, por lo tanto, corre el riesgo de filtrar datos confidenciales al servidor que es el objetivo de la segunda petición HTTP.", }, ], id: "CVE-2021-22876", lastModified: "2024-11-21T05:50:49.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-01T18:15:12.823", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22876.html", }, { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1101882", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-36", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210521-0007/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22876.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1101882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210521-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-359", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "899BD8D1-E0DF-40D5-AE89-966542B4F09E", versionEndExcluding: "5.12.19", versionStartIncluding: "5.11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8C97AEB3-19D7-4AD5-AE45-466EC5444F87", versionEndExcluding: "5.13.4", versionStartIncluding: "5.13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.", }, { lang: "es", value: "El archivo net/sunrpc/xdr.c en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes remotos causar una denegación de servicio (acceso fuera de los límites de xdr_set_page_base) al llevar a cabo muchas operaciones NFS 4.2 READ_PLUS", }, ], id: "CVE-2021-38201", lastModified: "2024-11-21T06:16:38.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-08T20:15:07.147", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-27 20:15
Modified
2024-11-21 07:14
Severity ?
Summary
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | solidfire_enterprise_sds | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9220F971-9877-4B46-8E78-6C63F9EEC17A", versionEndExcluding: "4.9.326", versionStartIncluding: "2.6.14", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "3BBC7E43-6161-4F21-977C-5BB7792C6C94", versionEndExcluding: "4.14.291", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0F412385-907C-4CAD-9E5B-CC397DEE5783", versionEndExcluding: "4.19.255", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "8A22815E-5E13-479C-8A92-BACF21F911EA", versionEndExcluding: "5.4.209", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "BB550DF5-C3A3-4009-A61F-C7293D5A081D", versionEndExcluding: "5.10.135", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "79909FF8-3A4D-4569-8AB9-60BACD5CCD5C", versionEndExcluding: "5.15.59", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F120BA4D-7528-41C4-960F-9133D4EFB5B8", versionEndExcluding: "5.18.16", versionStartIncluding: "5.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*", matchCriteriaId: "5D18075A-E8D6-48B8-A7FA-54E336A434A2", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.", }, { lang: "es", value: "La función nfqnl_mangle en el archivo net/netfilter/nfnetlink_queue.c en el kernel de Linux versiones hasta 5.18.14, permite a atacantes remotos causar una denegación de servicio (pánico) porque, en el caso de un veredicto nf_queue con un atributo nfta_payload de un byte, un skb_pull puede encontrar un skb-)len negativo", }, ], id: "CVE-2022-36946", lastModified: "2024-11-21T07:14:07.530", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-27T20:15:08.643", references: [ { source: "cve@mitre.org", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://marc.info/?l=netfilter-devel&m=165883202007292&w=2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5207", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://marc.info/?l=netfilter-devel&m=165883202007292&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5207", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4300-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4301-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4300-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4301-1/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "81529934-E2E4-4EDA-8787-54E9CB8B046D", versionEndExcluding: "5.4.12", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2.", }, { lang: "es", value: "Una pérdida de memoria en la función rpmsg_eptdev_write_iter() en el archivo drivers/rpmsg/rpmsg_char.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función copy_from_iter_full(), también se conoce como CID-bbe692e349e2.", }, ], id: "CVE-2019-19053", lastModified: "2024-11-21T04:34:04.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.903", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4300-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4301-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4300-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4301-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-26 17:15
Modified
2024-11-21 06:47
Severity ?
Summary
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "74CAAB48-E0AD-4BD2-B143-A02937679092", versionEndExcluding: "7.83.0", versionStartIncluding: "7.33.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", }, { lang: "es", value: "Se presenta una vulnerabilidad de autenticación inapropiada en curl versiones 7.33.0 hasta 7.82.0 incluyéndola, que podría permitir reúso de conexiones autenticadas por OAUTH2 sin asegurarse apropiadamente de que la conexión fue autenticada con las mismas credenciales establecidas para esta transferencia. Esto afecta a los protocolos con SASL: SMPTP(S), IMAP(S), POP3(S) y LDAP(S) (sólo openldap)", }, ], id: "CVE-2022-22576", lastModified: "2024-11-21T06:47:03.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-26T17:15:09.077", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1526328", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1526328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "5A6699F9-0644-4957-ABE3-6394FC77FB37", versionEndExcluding: "7.83.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.", }, { lang: "es", value: "libcurl proporciona la opción \"CURLOPT_CERTINFO\" para permitir que las aplicaciones soliciten que se devuelvan detalles sobre la cadena de certificados de un servidor. Debido a una función errónea, un servidor malicioso podría hacer que libcurl construido conNSS quedara atascado en un bucle ocupado interminable cuando intentara recuperar esa información", }, ], id: "CVE-2022-27781", lastModified: "2024-11-21T06:56:10.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:44.467", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1555441", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1555441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "A4938AC8-A83F-48D8-861C-042B90B75CAA", versionEndIncluding: "7.73.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "3E76BECE-0843-4B9F-90DE-7690764701B0", versionEndExcluding: "10.14.6", versionStartIncluding: "10.14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", versionEndExcluding: "10.15.7", versionStartIncluding: "10.15", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", matchCriteriaId: "A369D48B-6A0A-47AE-9513-D5E2E6F30931", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", matchCriteriaId: "510F8317-94DA-498E-927A-83D5F41AF54A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", matchCriteriaId: "0D5D1970-6D2A-42CA-A203-42023D71730D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", matchCriteriaId: "C68AE52B-5139-40A4-AE9A-E752DBF07D1B", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", matchCriteriaId: "63940A55-D851-46EB-9668-D82BEFC1FE95", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "68C7A97A-3801-44FA-96CA-10298FA39883", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", matchCriteriaId: "6D69914D-46C7-4A0E-A075-C863C1692D33", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "9CDB4476-B521-43E4-A129-8718A8E0A8CD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*", matchCriteriaId: "A4A6BF78-B772-435C-AC1A-2199027CCF9E", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*", matchCriteriaId: "2C88BD98-46F5-447F-963A-FB9B167E31BE", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*", matchCriteriaId: "C7A0615B-D958-4BBF-B53F-AA839A0FE845", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", matchCriteriaId: "F12CC8B5-C1EB-419E-8496-B9A3864656AD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", matchCriteriaId: "C1C795B9-E58D-467C-83A8-2D45C792292F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "96C3F2DF-96A5-40F2-B5C7-E961C2EE4489", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*", matchCriteriaId: "D120FD05-70E5-46AE-9B43-4F97BC8E05FE", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*", matchCriteriaId: "752548E2-BB8F-49AB-9D80-38182232989B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB5D4C9-DA14-4188-9181-17336F9445F6", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "90B7CFBF-761C-4EAA-A322-EF5E294AADED", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E74AAF52-1388-4BD9-B17B-3A6A32CA3608", versionEndExcluding: "xcp2410", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A107698C-9C63-44A9-8A2B-81EDD5702B4C", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC0460E-4695-44FB-99EE-28B2C957B760", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BD54A092-85A7-4459-9C69-19E6E24AC24B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5F813DBC-BA1E-4C73-AA11-1BD3F9508372", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "416B805F-799A-4466-AC5A-93D083A2ABBD", versionEndExcluding: "xcp3110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", }, { lang: "es", value: "Un servidor malicioso puede usar la respuesta FTP PASV para engañar a curl versiones 7.73.0 y anteriores, para que se conecte de nuevo a una dirección IP y puerto determinados, y de esta manera potencialmente hacer que curl extraiga información sobre servicios que de otro modo serían privados y no divulgados, por ejemplo, haciendo escaneo de puerto y extracciones del banner de servicio", }, ], id: "CVE-2020-8284", lastModified: "2024-11-21T05:38:39.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T20:15:13.903", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8284.html", }, { source: "support@hackerone.com", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1040166", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8284.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://hackerone.com/reports/1040166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1553841 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1553841 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "CD2B83A7-DB53-4F19-A6AD-0DCE7E4F5A66", versionEndExcluding: "7.83.1", versionStartIncluding: "7.80.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.", }, { lang: "es", value: "El analizador de URLs de Curl acepta erróneamente separadores de URL codificados en porcentaje, como \"/\", cuando decodifica la parte del nombre del host de una URL, convirtiéndola en una URL *diferente* que usa un nombre de host incorrecto cuando es recuperado posteriormente. Por ejemplo, una URL como \"http://example.com%2F127.0.0.1/\", sería permitida por el analizador y sería transpuesta a \"http://example.com/127.0.0.1/\". Este fallo puede usarse para omitir filtros, comprobaciones y otras cosas", }, ], id: "CVE-2022-27780", lastModified: "2024-11-21T06:56:10.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-06-02T14:15:44.267", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553841", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-177", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7172A3FD-611E-40CA-A6DD-349C9DDAC17A", versionEndExcluding: "4.4.262", versionStartIncluding: "3.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D3BB1DB0-B588-4D26-89CB-F67E73EDA007", versionEndExcluding: "4.9.262", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "712E1CC6-B087-4811-8513-30A6E6DFAEBB", versionEndExcluding: "4.14.192", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "924A83F4-1C2A-4B17-8E73-A155635FC9EA", versionEndExcluding: "4.19.137", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "BC19B2E4-2B1F-44F3-9944-91396EAC744D", versionEndExcluding: "5.3.9", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.", }, { lang: "es", value: "Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3.", }, ], id: "CVE-2019-19061", lastModified: "2024-11-21T04:34:06.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.403", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1553598 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220729-0004/ | Third Party Advisory | |
| support@hackerone.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1553598 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220729-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:7.83.0:*:*:*:*:*:*:*", matchCriteriaId: "657031E1-05BF-47EA-8637-4EEB852157E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bh500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "14AEBBB8-B092-4667-B519-7BCB078D856D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "B9899811-70B2-4DAC-989F-CEEC6380FAAC", versionEndIncluding: "5.7.38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "40603932-7E9F-4D7F-8206-7D2819EE0586", versionEndIncluding: "8.0.29", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.", }, { lang: "es", value: "Una vulnerabilidad en el uso de nombres resueltos incorrectamente, corregida en versión 7.83.1, podía eliminar el archivo equivocado cuando es usado \"--no-clobber\" junto con \"--remove-on-error\"", }, ], id: "CVE-2022-27778", lastModified: "2024-11-21T06:56:10.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:43.903", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553598", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-706", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-19 22:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*", matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*", matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*", matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*", matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9", versionEndIncluding: "11.0.15", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539", versionEndIncluding: "13.0.11", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08", versionEndIncluding: "15.0.7", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053", versionEndIncluding: "17.0.3", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*", matchCriteriaId: "4E4633C4-E552-439D-8FE4-139E3A7956CD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*", matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*", matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*", matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*", matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*", matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*", matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*", matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", }, ], id: "CVE-2022-21540", lastModified: "2024-11-21T06:44:55.007", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Primary", }, ], }, published: "2022-07-19T22:15:11.730", references: [ { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "secalert_us@oracle.com", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-25", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220729-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-29 19:15
Modified
2024-11-21 04:59
Severity ?
Summary
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0542D4E3-231E-4A77-86D4-89BC72DCBAB7", versionEndExcluding: "4.19.111", versionStartIncluding: "4.16", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "969EAF10-7774-45A4-99A8-E946B33706E6", versionEndExcluding: "5.4.26", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "935FAEA6-8487-40DA-A460-9A459030B182", versionEndExcluding: "5.5.10", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", matchCriteriaId: "27227B35-932A-4035-B39F-6A455753C0D6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", matchCriteriaId: "489D20B9-166F-423D-8C48-A23D3026E33B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", matchCriteriaId: "A4AD592C-222D-4C6F-B176-8145A1A5AFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", matchCriteriaId: "8603654B-A8A9-4DEB-B0DD-C82E1C885749", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*", matchCriteriaId: "78BE572F-45C1-467F-918F-FB1276F6B495", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*", matchCriteriaId: "646FFC2B-6DC4-4BD8-AAE0-81895D397700", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", matchCriteriaId: "C855C933-F271-45E6-8E85-8D7CF2EF1BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:*", matchCriteriaId: "804B2D7C-D890-4C4C-8A76-1760552E11BC", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.", }, { lang: "es", value: "Se descubrió un desbordamiento de matriz en la función mt76_add_fragment en el archivo drivers/net/wireless/mediatek/mt76/dma.c en el kernel de Linux versiones anteriores a la versión 5.5.10, también se conoce como CID-b102f0c522cf. Un paquete de gran tamaño con muchos fragmentos rx puede corromper la memoria de páginas adyacentes.", }, ], id: "CVE-2020-12465", lastModified: "2024-11-21T04:59:45.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-29T19:15:12.907", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b102f0c522cf668c8382c56a4f771b37d011cda2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b102f0c522cf668c8382c56a4f771b37d011cda2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-04 13:29
Modified
2024-11-21 03:28
Severity ?
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*", matchCriteriaId: "CD028C10-FD07-4206-A732-CCAC1B6D043D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*", matchCriteriaId: "704FAA50-1B7D-4917-AC4A-4C58785340F1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*", matchCriteriaId: "5C6B95D3-75BD-4826-BFBE-9701CC0FF052", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*", matchCriteriaId: "F66E31A6-EA01-40C8-8718-CE2C1F45EEB8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*", matchCriteriaId: "DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*", matchCriteriaId: "022F2CBE-EFB1-4962-AC91-D25AAB057DAF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*", matchCriteriaId: "69C05CD9-551B-46EE-85F8-D18FF878FE8D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*", matchCriteriaId: "2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*", matchCriteriaId: "3C38C609-242E-4923-A81F-DAFBE7B6A927", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*", matchCriteriaId: "2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*", matchCriteriaId: "A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*", matchCriteriaId: "8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*", matchCriteriaId: "D7AC7C56-2205-4121-99E2-001A7488E0FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*", matchCriteriaId: "A1677313-FF8F-493B-9DA3-C78F87581A17", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*", matchCriteriaId: "4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*", matchCriteriaId: "85CA4444-5103-4451-8A7C-F6BBE714BBB7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*", matchCriteriaId: "FA1EB745-46D7-4088-93C6-E7156520B144", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*", matchCriteriaId: "A93010C0-33B3-438F-94F6-8DA7A9D7B451", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*", matchCriteriaId: "2A988A78-6B3D-4599-A85C-42B4A294D86D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*", matchCriteriaId: "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*", matchCriteriaId: "246AA1B0-B6C8-406B-817D-26113DC63858", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*", matchCriteriaId: "00EE5B42-FF05-447C-BACC-0E650E773E49", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*", matchCriteriaId: "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*", matchCriteriaId: "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*", matchCriteriaId: "5D616C72-0863-478C-9E87-3963C83B87E8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*", matchCriteriaId: "CC333B0D-3A0E-4629-8016-68C060343874", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*", matchCriteriaId: "6655535C-FF64-4F9E-8168-253AABCC4F5D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*", matchCriteriaId: "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*", matchCriteriaId: "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*", matchCriteriaId: "1EACEF19-83BC-4579-9274-BE367F914432", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*", matchCriteriaId: "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*", matchCriteriaId: "24128A7F-2B0B-4923-BA9E-9F5093D29423", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*", matchCriteriaId: "0990DD71-9E83-499D-9DAF-A466CF896CFA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*", matchCriteriaId: "9B7FEDEF-9772-4FB1-9261-020487A795AA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*", matchCriteriaId: "FE7B0F72-DEDF-40C4-887C-83725C52C92E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*", matchCriteriaId: "9568C222-9816-4520-B01C-C1DC2A79002D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*", matchCriteriaId: "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*", matchCriteriaId: "53A1F23D-7226-4479-B51F-36376CC80B04", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*", matchCriteriaId: "BAB245C8-9918-41A0-9DFB-A11E4185C87A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*", matchCriteriaId: "9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*", matchCriteriaId: "F752A3C8-18ED-4765-B6EC-C664154EB701", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*", matchCriteriaId: "B4F31C3F-7C0D-4D95-B4B9-89FD38076913", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*", matchCriteriaId: "5BEEE36E-E735-4A33-80B7-9407D072F6BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*", matchCriteriaId: "2CB3D3DE-21BE-40C7-A510-AC97C92390DC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*", matchCriteriaId: "0D9A9545-38A3-460D-AB1A-8B03BEB405A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*", matchCriteriaId: "1860D932-777D-41F2-94A2-D14AB1494AA3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*", matchCriteriaId: "75165A10-2FD5-4370-814C-B60FDE339AFF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*", matchCriteriaId: "454AC633-5F1C-47BB-8FA7-91A5C29A1DD5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*", matchCriteriaId: "A2394E8C-58D9-480B-87A7-A41CD7697FC6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*", matchCriteriaId: "1B9AC02B-D3AE-4FAF-836E-55515186A462", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*", matchCriteriaId: "65AAC7A7-77CA-4C6C-BD96-92A253512F09", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*", matchCriteriaId: "FCD16C07-0050-495A-8722-7AC46F5920F9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*", matchCriteriaId: "01423706-C82C-4457-9638-1A2380DE3826", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*", matchCriteriaId: "A881E2D3-A668-465F-862B-F8C145BD5E8D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*", matchCriteriaId: "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*", matchCriteriaId: "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*", matchCriteriaId: "6602DD69-E59A-417D-B19F-CA16B01E652C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*", matchCriteriaId: "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*", matchCriteriaId: "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*", matchCriteriaId: "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*", matchCriteriaId: "2CE9DC29-C192-4553-AF29-D39290976F47", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*", matchCriteriaId: "F625E647-B47E-404C-9C5B-72F3EB1C46F5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*", matchCriteriaId: "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*", matchCriteriaId: "B5878612-9825-4737-85A5-8227BA97CBA5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*", matchCriteriaId: "F453D348-28CE-402B-9D40-A29436A24ECC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*", matchCriteriaId: "36322F4B-83D7-468A-BB34-1C03729E9BF3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*", matchCriteriaId: "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*", matchCriteriaId: "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*", matchCriteriaId: "B0A2A50E-94FA-44E9-A45D-3016750CFBDA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*", matchCriteriaId: "5625CAD8-4A62-4747-B6D9-90E56F09B731", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*", matchCriteriaId: "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*", matchCriteriaId: "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*", matchCriteriaId: "410184AF-B932-4AC9-984F-73FD58BB4CF7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*", matchCriteriaId: "B265F073-9E0A-4CA0-8296-AB52DEB1C323", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*", matchCriteriaId: "3F664223-1CBC-4D8A-921B-F03AACA6672B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*", matchCriteriaId: "987A8470-08BA-45DE-8EC0-CD2B4451EECD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*", matchCriteriaId: "8BBC9542-FB77-4769-BF67-D42829703920", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*", matchCriteriaId: "74FDC18B-4662-422E-A86A-48FE821C056F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*", matchCriteriaId: "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*", matchCriteriaId: "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*", matchCriteriaId: "78E4461B-72F8-4F3D-A405-4AFA99EC8A32", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*", matchCriteriaId: "663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*", matchCriteriaId: "8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*", matchCriteriaId: "DAEDED56-9387-4DAC-BF52-C32ECCB7D407", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*", matchCriteriaId: "FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*", matchCriteriaId: "E57A9B28-734B-401D-B24C-A295F364D8E8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*", matchCriteriaId: "F02289DF-4A02-4602-89B7-E9148236EE1E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*", matchCriteriaId: "723E7155-493D-4B5A-99E2-AB261838190E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*", matchCriteriaId: "82E37264-E4BA-4D9D-92E7-56DE6B5F918F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*", matchCriteriaId: "8704BE6D-2857-4328-9298-E0273376F2CD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*", matchCriteriaId: "731F1E65-1D53-443B-8E2F-8AF11191AFA6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*", matchCriteriaId: "02A83822-822D-4A4D-B29B-A5BE6367A7DF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*", matchCriteriaId: "E8C32738-F08E-469C-8DE0-2708F30574A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*", matchCriteriaId: "B292187E-8EAD-49D2-B469-B14CA0656035", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*", matchCriteriaId: "C7D131E1-24C1-48CF-B3DD-46B09A718FB5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*", matchCriteriaId: "0ABF1231-73CF-4D1B-860C-E76CD26A645E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*", matchCriteriaId: "F7F88E38-4EC4-41DB-A59D-800997440C0E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*", matchCriteriaId: "32FD6647-4101-4B36-9A9A-F70C29997148", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*", matchCriteriaId: "D248D668-A895-43B3-ADEF-1B22EE7DC76E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*", matchCriteriaId: "858411B5-E904-45FA-8B33-5CC73B915B22", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*", matchCriteriaId: "6BB9336C-C893-4AB0-9402-868CE9960058", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*", matchCriteriaId: "A4695F94-7AAE-4219-9EF6-CE6D0838192D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*", matchCriteriaId: "BD7A0991-73F0-410D-855C-BFC88A66E61F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*", matchCriteriaId: "FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*", matchCriteriaId: "9858EAC3-C1CE-449B-A605-FFA337DA825D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*", matchCriteriaId: "E7A8F905-A4C6-4EC6-B9E8-800948350B89", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*", matchCriteriaId: "565B48E3-1406-4E3C-B4A5-35865C5614E1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*", matchCriteriaId: "46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*", matchCriteriaId: "8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*", matchCriteriaId: "191A094B-E354-4767-AD43-87CE140BF851", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*", matchCriteriaId: "C1289B9E-5725-42EF-8848-F545421A29E1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*", matchCriteriaId: "238A21CB-F8C5-468B-B523-6D014E2EA8AA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*", matchCriteriaId: "0DC52CDD-614D-4EA0-8DA8-D71189C42E8B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*", matchCriteriaId: "A4229DB2-8BBC-49F8-87A8-2E7D56EFD310", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*", matchCriteriaId: "FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*", matchCriteriaId: "A0E91F46-D950-4894-BACF-05A70C7C6F7B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*", matchCriteriaId: "0E12B40B-5221-48A6-B2A6-D44CD5636BB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*", matchCriteriaId: "6BCB77C9-ABE3-44A0-B377-7D7035E8A11F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*", matchCriteriaId: "D06639F5-5EE8-44F4-B48A-5694383154DF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*", matchCriteriaId: "CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*", matchCriteriaId: "637C3687-FBCC-41A0-BFE6-823BAE45FB92", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*", matchCriteriaId: "2350A197-193F-4B22-80E8-3275C97C78EE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*", matchCriteriaId: "734C7A7E-ACCA-4B34-BF38-0FAED988CC6A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*", matchCriteriaId: "4D9ABAFC-B3B5-449D-A48E-2E978563EDE7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*", matchCriteriaId: "99019EA0-6576-4CE7-B60A-975D418AA917", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*", matchCriteriaId: "8E846AEF-751D-40AD-84B5-EFDC9CF23E2F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*", matchCriteriaId: "EB9DD909-B2AC-46BA-B057-D239D0773CAD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*", matchCriteriaId: "54F5C355-FDFC-4E71-93AA-218389EF10E6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*", matchCriteriaId: "B0A1CA1E-971D-4F67-864E-2E772C1E736B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*", matchCriteriaId: "1B5F8391-D974-49AC-8550-ADB3FA6C0535", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*", matchCriteriaId: "8302BF58-9E54-40DA-BCFE-59CA52C460D9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*", matchCriteriaId: "ECCDE9EF-037B-4650-8131-4D57BE141277", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*", matchCriteriaId: "47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*", matchCriteriaId: "DB8253DA-9A04-40D6-84C1-C682B4023D4B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*", matchCriteriaId: "DAF6D175-85C3-4C72-AD9F-31B47EF43154", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*", matchCriteriaId: "7A5FC594-2092-4240-9538-235BBE236DD9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*", matchCriteriaId: "87D95F00-EA89-4FDE-991C-56636B8E0331", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*", matchCriteriaId: "32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*", matchCriteriaId: "4158561F-8270-42D1-91D8-E063CE7F5505", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*", matchCriteriaId: "FF0DEA96-0202-41EB-BDC3-24E2FC4415B2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*", matchCriteriaId: "F8BACE1C-5D66-4FBC-8F86-30215A623A94", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*", matchCriteriaId: "CF707146-0D64-4F3A-AE22-956EA1CB32B6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*", matchCriteriaId: "8118C3F9-0853-4E87-9E65-86E1398B2780", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*", matchCriteriaId: "1A298501-C4D7-48D4-90F9-15AFA59DED48", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*", matchCriteriaId: "FEE1B07B-3D92-4D2D-8667-D902F002277F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*", matchCriteriaId: "8F05CB19-1059-4C4D-BFD7-9F51A22A4F97", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*", matchCriteriaId: "5588732F-7F1A-4C24-B35F-30532107FFDE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*", matchCriteriaId: "A127DD5D-426D-4F24-A8C5-DC9DAC94B91C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*", matchCriteriaId: "26EE0BBD-3982-4B0F-82F6-D58E077C75DD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*", matchCriteriaId: "FAEEC918-EA25-4B38-B5C3-85899D3EBE6C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*", matchCriteriaId: "813965F4-3BDA-4478-8E6A-0FD52723B764", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*", matchCriteriaId: "2C5EA2F4-F3EF-4305-B1A1-92F636ED688F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*", matchCriteriaId: "04384319-EE8C-45B4-8BDD-414502E7C02D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*", matchCriteriaId: "C52528CE-4F31-4E5F-8255-E576B20F3043", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*", matchCriteriaId: "A6C3F422-F865-4160-AA24-1DAFAE63729C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*", matchCriteriaId: "5D034E7F-4D17-49D7-BDB2-90CB4C709B30", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*", matchCriteriaId: "3C18E6B4-E947-403B-80FB-7095420D482B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*", matchCriteriaId: "2814CC9F-E027-4C5A-93AF-84EA445E6C12", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*", matchCriteriaId: "24A470C3-AAAA-4A6E-B738-FEB69DB78B9D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*", matchCriteriaId: "A1236944-4942-40E4-9BA1-029FEAE94BBC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*", matchCriteriaId: "086CAB4B-A10A-4165-BC33-33CADCD23C0F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*", matchCriteriaId: "B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*", matchCriteriaId: "AAFB6B30-BFB0-4397-9E16-37D1A772E639", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*", matchCriteriaId: "DFCB9D7B-7D0A-435D-8499-C16BE09E19FB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*", matchCriteriaId: "64277594-9713-436B-8056-542CFA9F4CFC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*", matchCriteriaId: "589BB170-7CBA-4F28-99E3-9242B62E2918", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*", matchCriteriaId: "91B9C4D9-DA09-4377-9DCD-225857BD9FA7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*", matchCriteriaId: "03D0265F-840B-45A1-90BD-9ED8846A9F63", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*", matchCriteriaId: "74BAC0EC-2B38-4553-A399-4BD5483C4753", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*", matchCriteriaId: "4477EBA6-F0A7-452B-96E8-BA788370CCA8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*", matchCriteriaId: "1285D817-B5B8-4940-925D-FCDD24810AE6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*", matchCriteriaId: "D289F7B4-27CD-4433-BB45-06AF98A59B7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*", matchCriteriaId: "00168903-6012-4414-87D1-2EE52AA6D78E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*", matchCriteriaId: "6AE8D524-577E-4994-8A4B-D15022C84D7F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*", matchCriteriaId: "75977B0B-C44D-43BC-8D7A-AF966CDB1901", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*", matchCriteriaId: "AE7F5D52-9F41-49A4-B941-E0D777203FF7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*", matchCriteriaId: "52B5B3FD-5BEA-4DE8-B010-55FED1547167", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*", matchCriteriaId: "167B1B04-5823-4038-A019-3975A3B447C9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*", matchCriteriaId: "F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*", matchCriteriaId: "1BA096E0-5480-47CB-822B-D11D7E20F69F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*", matchCriteriaId: "30357469-0B8F-4385-A282-2F50181EA442", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*", matchCriteriaId: "3BE70772-7796-4594-880A-6AAD046E4D8D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*", matchCriteriaId: "1A9E2F8D-2974-4833-9EC2-233CEE257C26", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*", matchCriteriaId: "17EE3078-454F-48F8-B201-3847DB40D5C4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*", matchCriteriaId: "EE32C500-55C2-41A7-8621-14EBF793BF11", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*", matchCriteriaId: "52D3DF52-501A-4656-98F1-8DD51D04F31F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*", matchCriteriaId: "3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*", matchCriteriaId: "09578301-CF39-4C24-951A-535743E277EF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*", matchCriteriaId: "1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*", matchCriteriaId: "5A65F303-96C8-4884-8D6F-F439B86BA30C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*", matchCriteriaId: "1E046105-9DF5-425F-A97E-16081D54613C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*", matchCriteriaId: "B2987BCF-39E6-49B6-8DEE-963A38F12B07", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*", matchCriteriaId: "7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*", matchCriteriaId: "5AD92AD8-033A-4AAD-91E5-CB446CCE9732", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*", matchCriteriaId: "77E0E73A-F1B4-4E70-B9F1-EE97785B8891", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*", matchCriteriaId: "61D6E3CC-79B1-4995-9A76-41683C7F254A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*", matchCriteriaId: "F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*", matchCriteriaId: "6FE5773D-3CD1-4E63-8983-E0105C46D185", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*", matchCriteriaId: "2A7C307A-6576-4A0A-8F4E-0981C9EE2901", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*", matchCriteriaId: "18B3A53B-902C-46A5-8CE7-B55102703278", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*", matchCriteriaId: "AB843479-729A-4E58-8027-0FC586F051AA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*", matchCriteriaId: "1AF5A233-1E77-49FD-AC2C-60D185481E28", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*", matchCriteriaId: "18519CF2-B0DA-42DD-8A3E-9084298C210A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*", matchCriteriaId: "329D5FCF-7EC5-4471-906B-3619A180BD52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*", matchCriteriaId: "0DD43EAA-F3A5-4748-9187-A6E6707ACD11", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*", matchCriteriaId: "C6F3C14D-4BFC-4205-8781-95E6B28C83C1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*", matchCriteriaId: "20942AD8-ADB7-4A50-BDBE-DB36249F4F52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*", matchCriteriaId: "1EC6ED02-134B-4322-AB72-75A0AB22701E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*", matchCriteriaId: "6FA74EEE-54CC-4F80-B1D3-99F7771335ED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*", matchCriteriaId: "B6B859F7-0373-4ADD-92B3-0FAB42FCF23C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*", matchCriteriaId: "AAC76F31-00A5-4719-AA50-92F773919B3C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*", matchCriteriaId: "49996F5A-51B2-4D4E-AE04-E98E093A76CC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*", matchCriteriaId: "9F8406B0-D1E5-4633-B17E-53DC99FE7622", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*", matchCriteriaId: "3D49435C-7C33-454B-9F43-9C10F28A28A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*", matchCriteriaId: "D17E1A0F-1150-4899-81BC-BE84E4EF5FA3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*", matchCriteriaId: "EADD98AE-BAB0-440D-AB9F-2D76BE5109E2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*", matchCriteriaId: "ED44A404-8548-4EDC-8928-4094D05A6A38", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*", matchCriteriaId: "3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*", matchCriteriaId: "D2AAD8F0-0D31-4806-8A88-A30E5BE43630", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*", matchCriteriaId: "8164EE5F-6ABA-4365-8718-2F98C2E57A0F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*", matchCriteriaId: "C7110AF9-A407-4EE2-9C46-E5F1E3638E9A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*", matchCriteriaId: "2A06696D-37F0-427D-BFC5-1606E7441C31", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*", matchCriteriaId: "E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*", matchCriteriaId: "68A76015-0A05-4EC7-B136-DC13B55D881F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*", matchCriteriaId: "C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*", matchCriteriaId: "54464F6C-9B2D-46BA-AC44-506389F3EE0C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*", matchCriteriaId: "8FA11017-EA58-45EE-8408-FCCCF7183643", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*", matchCriteriaId: "8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*", matchCriteriaId: "442AD778-D56F-4C30-BBF8-749D6AAC4737", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*", matchCriteriaId: "AF7D3F31-AF4D-4C50-8590-A763AAC7AF07", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*", matchCriteriaId: "445BFC2E-38FA-4130-8550-0866EC4EDA33", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*", matchCriteriaId: "A6DC2746-CE41-40C9-8CFA-23231BBCAE77", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*", matchCriteriaId: "3C3A8976-5E4D-490A-A87D-A47D1B2B903C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*", matchCriteriaId: "0C8535E6-220E-4747-8992-45B6EAFC555C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*", matchCriteriaId: "C7479B49-F484-4DF2-86CB-E52EE89FA238", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*", matchCriteriaId: "B6D68512-746D-4E95-857B-13A0B6313C5E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*", matchCriteriaId: "4312BA84-F9A0-4BD4-8438-058E1E7D6C0C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*", matchCriteriaId: "60E52DF5-C713-4BC4-B587-FF6BDA8509CC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*", matchCriteriaId: "304ADCAC-9E49-42BD-BC92-58D9B2AD52E0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*", matchCriteriaId: "2AB02172-B9A7-4801-88F2-98BF5843184A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*", matchCriteriaId: "5141380E-BD18-47C1-A84C-384BA821773D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*", matchCriteriaId: "1AE6C49E-2359-4E44-9979-7D34F8460E35", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*", matchCriteriaId: "C004B75F-37AF-4E61-98F3-1B09A7062DDB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*", matchCriteriaId: "F7126D19-C6D9-43CB-8809-647B1A20E7DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*", matchCriteriaId: "9CC98503-A80A-4114-8BF2-E016659BE84E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*", matchCriteriaId: "01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*", matchCriteriaId: "3821412D-B010-49C4-A7B4-6C5FB6C603B1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*", matchCriteriaId: "A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*", matchCriteriaId: "5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*", matchCriteriaId: "6AD5B51A-AEA0-4DA2-BA60-94A2D5605352", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*", matchCriteriaId: "F96C6CA0-434D-428F-B629-A971C2937628", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*", matchCriteriaId: "301AB72A-A6F2-42C8-A931-94EF2271443F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*", matchCriteriaId: "59414B5A-05B8-49AF-A197-2A31729DDB65", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*", matchCriteriaId: "0BFDD380-692F-41D7-996F-F97FC74DC7CF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*", matchCriteriaId: "49602828-2BFC-4571-9F05-6210FD263DF2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*", matchCriteriaId: "87E03978-E16D-4A9B-8AE7-9F4F1171C14A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*", matchCriteriaId: "03096A9A-5758-47E6-81E2-BCFE847C41F4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*", matchCriteriaId: "150CC865-7975-45EC-BFF7-A94146442BA8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*", matchCriteriaId: "C8FA1308-589B-432B-80F9-9A499D083ED5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*", matchCriteriaId: "6ED2453E-30E1-4620-BEC5-21B0083449E2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*", matchCriteriaId: "0FE8DD05-D700-4F89-9B01-D489029DF7A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*", matchCriteriaId: "050957CA-6191-4F9F-9D07-48B342B3B1B8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*", matchCriteriaId: "DACBF998-8B11-45C7-9017-486AED4FAE6C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*", matchCriteriaId: "C9F2F3C4-FC94-414A-A208-913A43D57D75", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*", matchCriteriaId: "641152EC-F4B4-4E5E-B396-AC4CAAB805BF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*", matchCriteriaId: "4911E332-B8BA-4336-A448-3F70D2BBB147", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*", matchCriteriaId: "330EC403-3174-4543-9BBE-CEC0ABC1575D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*", matchCriteriaId: "5EF585D0-507E-491E-9C3B-78EE26F2F070", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*", matchCriteriaId: "DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*", matchCriteriaId: "1F5D885A-85C4-4A11-B061-61EFF6B6E329", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*", matchCriteriaId: "0502B59F-933C-4E25-A2EC-9296B197E139", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*", matchCriteriaId: "99D9C0A9-2DFF-4760-8FED-AC2DA7968E51", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*", matchCriteriaId: "B5A1BAEC-18BF-4607-BFB7-48102E75186A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*", matchCriteriaId: "D49ED138-F42D-4451-A350-0B2DD5AB9444", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*", matchCriteriaId: "5ED91472-90FC-4AC8-96D5-1550A8502411", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*", matchCriteriaId: "57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*", matchCriteriaId: "2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*", matchCriteriaId: "2784E2AF-A5E5-4960-830C-B3EFB84043D0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*", matchCriteriaId: "9112FA50-5527-4B20-80F5-2DE9E66D09F6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*", matchCriteriaId: "73CE4E2E-B2BF-409E-B18C-D67DA810FE9B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*", matchCriteriaId: "E2B84D67-0B1D-4B74-BC85-AF8F933D8429", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*", matchCriteriaId: "BCA05A18-1523-4EED-9D2E-0A258A33F24F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*", matchCriteriaId: "C34E70EB-92F0-43F6-8883-FE422BE1A3FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*", matchCriteriaId: "78D301F1-20C2-4756-9A90-37F14835CE14", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*", matchCriteriaId: "B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*", matchCriteriaId: "BA63B803-4D48-42E8-A793-F92ABCB8BFC9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*", matchCriteriaId: "129DB9CB-E878-4856-A954-15FFE1428636", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*", matchCriteriaId: "730DB4AA-FD7D-40C6-8D7F-19937832EF9A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*", matchCriteriaId: "07E86978-4820-422A-8C7C-FF0697DAED05", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*", matchCriteriaId: "8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*", matchCriteriaId: "AF813AD9-D296-4915-861C-8DE929E45FE3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*", matchCriteriaId: "04A65469-083F-40B5-86C5-A2EAE5B2F00A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*", matchCriteriaId: "8F1AA82E-BD86-40F5-B417-71DF6AF53A37", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*", matchCriteriaId: "B71A6DB0-5EB0-4712-8480-CF427F521D33", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*", matchCriteriaId: "8223D5A1-ADF1-43C6-AF91-EE5C413BCB37", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*", matchCriteriaId: "4DD69605-F52B-4623-921A-983A5A408ECA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*", matchCriteriaId: "B1D5685F-6FFE-4A6A-9FF8-940C8DA36499", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*", matchCriteriaId: "B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*", matchCriteriaId: "3832D0A6-419D-4876-B5C4-920578F713F3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*", matchCriteriaId: "E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*", matchCriteriaId: "404E38E6-9EB3-41D0-97A7-DC579688BFB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*", matchCriteriaId: "40E4A921-AB28-47B7-B5A3-EB82193D15BA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*", matchCriteriaId: "B0357E48-2300-47B4-B9E5-9FE813A2FC09", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*", matchCriteriaId: "96CC28B6-57D1-4919-AA55-A262CC16AFE6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*", matchCriteriaId: "0EB4C54D-1265-425A-B507-E1099844875A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*", matchCriteriaId: "97362147-3A71-430D-9064-4435D45C3B8C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*", matchCriteriaId: "89212CF3-4E99-4389-94CE-F4211DDCA01B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*", matchCriteriaId: "FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*", matchCriteriaId: "611C0A0A-1FA3-42F9-82E8-BFCB71A077DD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*", matchCriteriaId: "36F027D9-DCB4-4A3D-8987-41F2941DBD45", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*", matchCriteriaId: "E23BCEC9-2BFB-4B41-9A7A-18B1347C6202", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*", matchCriteriaId: "4924CE39-A846-4DB4-9547-6322FC5AD6B3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*", matchCriteriaId: "6C9E2C9A-94A1-456B-90D5-54932DF64C22", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*", matchCriteriaId: "AC04C652-B2D8-4002-A50E-8AFE83204A25", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*", matchCriteriaId: "10D413F0-CDBC-4A63-B9A7-9E7725BA1E83", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*", matchCriteriaId: "754A8826-59F7-4A71-B74B-737BE9C7DE4F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*", matchCriteriaId: "FADB6BDA-6825-489B-AB39-7729BA45DFD8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*", matchCriteriaId: "7913F57E-E600-4767-AF51-D045E1898E72", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*", matchCriteriaId: "BD3783F4-5A05-45AA-9791-A681011FD78C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*", matchCriteriaId: "01E3114D-31D2-4DBF-A664-F4049D8B6266", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*", matchCriteriaId: "D8EE6578-981D-470C-BB24-4960B3CB1478", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*", matchCriteriaId: "E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*", matchCriteriaId: "7EE59839-8EB9-47FE-88E2-F0D54BE787A2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*", matchCriteriaId: "75694A3D-080A-4AA7-97DF-5A5833C9D9F7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*", matchCriteriaId: "19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*", matchCriteriaId: "6E996176-3DEA-46E6-93B7-9C0DF32B59D3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*", matchCriteriaId: "4417007D-126A-478B-87EA-039D088A4515", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*", matchCriteriaId: "F78C2825-F6A3-4188-9D25-59EAEC8A7B0A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*", matchCriteriaId: "EF2FA85D-B117-410D-B247-8C5A3479319A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*", matchCriteriaId: "3A041D27-132C-4B15-976F-1750C039A89F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*", matchCriteriaId: "5D495E06-BF2B-4C5A-881D-94C93CD2BA2B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*", matchCriteriaId: "7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*", matchCriteriaId: "088BC395-06D5-4156-85EB-63C4A9552898", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*", matchCriteriaId: "33A220A2-A6D2-46A7-B168-607400EEDCE3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*", matchCriteriaId: "1E79232F-7196-440B-82D4-165885251232", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*", matchCriteriaId: "ED866954-77AB-4CA8-8AED-4252C595FC4D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*", matchCriteriaId: "28A1F516-B180-45D4-8EB1-754B7497CB2B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*", matchCriteriaId: "36758A04-64D3-4150-A004-CF042FA31CD9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*", matchCriteriaId: "1E01752E-F1DD-400A-A917-216CAF15B0F9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*", matchCriteriaId: "AD47EC58-F776-4F59-8F15-4B208904CF4B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*", matchCriteriaId: "2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*", matchCriteriaId: "94565E35-8A58-4CB6-A489-C796DCB97FC5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*", matchCriteriaId: "49964D35-5323-4412-BD54-661630F9A8CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*", matchCriteriaId: "F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*", matchCriteriaId: "A0F66468-87D0-41FC-934B-5924BE2956CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*", matchCriteriaId: "3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*", matchCriteriaId: "45C0D99E-443E-4AB1-A07A-900A09FE177E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*", matchCriteriaId: "C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*", matchCriteriaId: "A9DAEE52-09C3-4A09-9958-9D6807B2700B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*", matchCriteriaId: "B97690D4-E814-4D40-B170-BE56D7AE2C1B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*", matchCriteriaId: "89804F2C-D32D-4444-ABEA-5B241153D096", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*", matchCriteriaId: "2AAAAF9C-B29B-4020-BAFF-C87B1A08294A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*", matchCriteriaId: "ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*", matchCriteriaId: "EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*", matchCriteriaId: "7C27B318-2AC1-423D-B0C8-583BB1800D5A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*", matchCriteriaId: "9E58E3D0-1154-4B13-BA16-67CE67DF0637", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*", matchCriteriaId: "32D2ACB3-B906-4944-A021-03C4645965BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*", matchCriteriaId: "8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*", matchCriteriaId: "8E1A41BA-A1D6-484A-BAD2-68DF85598354", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*", matchCriteriaId: "11260C9D-69A9-4D81-9CCF-2E116DD75F7C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*", matchCriteriaId: "1C020F06-FD27-46E3-A48F-3F60F33BB969", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*", matchCriteriaId: "03C74F10-6A7F-4F68-8A34-E981E1760DE5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*", matchCriteriaId: "24741B98-8D0E-4307-AAEF-A14B2531DCA9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*", matchCriteriaId: "8D4FA4BA-4304-4A70-9F86-120F2A3D8148", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*", matchCriteriaId: "367FC8BA-F046-4264-A049-49E933E7698F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*", matchCriteriaId: "DE9B68D3-1DFB-4468-85C4-AC13E6CBC111", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*", matchCriteriaId: "C966A016-B650-44D9-B8C4-1ED50AB318DA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*", matchCriteriaId: "DC448FF0-6D3F-4609-864B-4191905EE2B9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*", matchCriteriaId: "0FC246FE-4CA6-4B2D-83C3-D50A386C24A0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*", matchCriteriaId: "758A14DB-1BAF-442A-BA7C-5E9C67847BEA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*", matchCriteriaId: "61309100-CFA7-4607-A236-8910838AA057", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*", matchCriteriaId: "82D76265-7BD0-4C51-AE77-22B22524DE81", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*", matchCriteriaId: "DE38B195-BB8D-4747-881D-E8033760B4C8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*", matchCriteriaId: "1AA8BE76-168D-48A3-8DF6-E91F44600408", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*", matchCriteriaId: "3B656975-5D71-4712-9820-BDB7BC248AFA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*", matchCriteriaId: "FA045267-114D-4587-B6D7-E273C28DC9B1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*", matchCriteriaId: "77018415-E122-406E-896D-1BC6CF790BE3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*", matchCriteriaId: "3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*", matchCriteriaId: "D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*", matchCriteriaId: "7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*", matchCriteriaId: "F4E1C012-3E05-44DB-B6D2-BFD619C034B4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*", matchCriteriaId: "15D689D6-8594-42F2-8EEF-DCAEBA885A67", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*", matchCriteriaId: "A6446000-0494-4DC5-ABAA-F20A44546068", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*", matchCriteriaId: "99B94EEC-6690-45D0-B086-F4A5B25C25CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*", matchCriteriaId: "8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*", matchCriteriaId: "832AB3CD-E3A1-4CCB-A210-287973563D0E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*", matchCriteriaId: "5A26C0CC-68AD-40F5-96B8-87E6C643F6F8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*", matchCriteriaId: "99C4221A-9994-43B3-9C7A-E13815A50A10", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*", matchCriteriaId: "20070B1D-B91C-40BA-A9D8-E80170A2933F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*", matchCriteriaId: "A70129C9-371F-4542-A388-C095869E593A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*", matchCriteriaId: "6C4DE25F-168A-4C67-8B66-09F61F072BD4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*", matchCriteriaId: "58157F24-D89E-4552-8CE6-2F01E98BD1E5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*", matchCriteriaId: "BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*", matchCriteriaId: "45ACBBEA-EC95-4F3E-B585-893DB6D21A0F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*", matchCriteriaId: "7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*", matchCriteriaId: "A6A5EC79-1B21-4BB3-8791-73507BC8D4DC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*", matchCriteriaId: "FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*", matchCriteriaId: "E0387587-AAB6-4284-8516-4DA3E3582D30", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*", matchCriteriaId: "A238C975-9196-449F-9C15-ABB2E9FD1D06", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*", matchCriteriaId: "6F17F4A5-120B-4E00-97C8-8A85841ACBC9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*", matchCriteriaId: "2537F047-64C9-4E73-B82C-310253184183", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*", matchCriteriaId: "3A55857C-649D-46CE-AEDA-6E553E554FC1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*", matchCriteriaId: "7BA4892D-AFDF-4441-821E-5EBF7F64C9F9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*", matchCriteriaId: "327E06A3-7F0E-4498-8811-10C8D15398FE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*", matchCriteriaId: "1624E6D6-858E-4085-B0B9-362B819EFD88", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*", matchCriteriaId: "50D61F4A-40F0-477C-8326-7359D3626E77", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*", matchCriteriaId: "1455B4DE-7F1C-4CF2-AE02-2EDD20025D62", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*", matchCriteriaId: "5B215788-860B-46CD-9A08-43AFF98FAEAA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*", matchCriteriaId: "2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*", matchCriteriaId: "E4EB132B-000C-4A17-AFB3-19F40A73D2CC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*", matchCriteriaId: "5C4815AE-B635-4545-83C2-5EC4E0128337", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*", matchCriteriaId: "C0046C06-E3E6-4674-A4D1-332DD29D9552", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*", matchCriteriaId: "2C191851-3DC3-41C7-AD89-81F091CCC83A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*", matchCriteriaId: "21126922-8E81-47F4-82D4-CBCDDACEC4FA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*", matchCriteriaId: "209E18B0-BBB5-4C65-B336-44340F7740DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*", matchCriteriaId: "C867C0B8-91A4-482A-B7DD-54AB9599AE52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*", matchCriteriaId: "30F03843-8A51-4CE1-BE6C-994BDE3A8F97", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*", matchCriteriaId: "09854948-2657-4261-A32A-0523058F072E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*", matchCriteriaId: "D13904A5-266D-481C-A42A-734C3823A238", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*", matchCriteriaId: "ACC82FCB-0541-45C4-8B7E-CB612D7F702A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*", matchCriteriaId: "6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*", matchCriteriaId: "0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*", matchCriteriaId: "501E9355-0CDD-4951-BCC3-47962788BCCB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*", matchCriteriaId: "B3D976D9-62F0-43C3-8359-E51E26B6CD87", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*", matchCriteriaId: "02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*", matchCriteriaId: "64ADE9AF-196F-4E0B-BC66-7DE0183F9032", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*", matchCriteriaId: "C90CCA48-1705-4564-AAF9-271201BD5113", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*", matchCriteriaId: "0B82BAFF-17F5-465C-8032-67D5ECAB2921", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*", matchCriteriaId: "1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*", matchCriteriaId: "F831371E-7437-48D7-8281-1F406215041B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*", matchCriteriaId: "BC4F06B5-615A-464A-A0C4-7AABEE8530CD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*", matchCriteriaId: "92AF503A-A2B1-4FC3-858B-264049ADF0F8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*", matchCriteriaId: "E702C7EC-B1D9-4BDF-B334-2004CD76B52B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*", matchCriteriaId: "E39F31D6-DC4B-46FE-BE5D-EA612D915A96", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*", matchCriteriaId: "51CB8036-5F36-4CD4-9B3E-D2401F2E64F6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*", matchCriteriaId: "F9849BA3-3990-4E30-B99B-ADD043314CDA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*", matchCriteriaId: "A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*", matchCriteriaId: "7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*", matchCriteriaId: "A0A22E92-1EA7-45D9-AC86-EC3D9664C294", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*", matchCriteriaId: "D7FA2911-6561-47BF-BEE8-DDA31642C346", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*", matchCriteriaId: "1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*", matchCriteriaId: "0F829DED-4D92-401A-BD80-C070DE57FC7C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*", matchCriteriaId: "F560575C-FD8E-485D-B50A-572604BBE903", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*", matchCriteriaId: "6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*", matchCriteriaId: "1A38D00A-B9DC-44DF-8247-70355FF9A6EF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*", matchCriteriaId: "381EFC43-D5D9-4D10-90BE-4C333A9BA074", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*", matchCriteriaId: "CBEDED18-2755-4C55-A1A1-04B4D5F40276", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*", matchCriteriaId: "F04B57EC-0731-40C8-939F-1C686A65A0FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*", matchCriteriaId: "2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*", matchCriteriaId: "CE1D28F9-B135-441B-A9BF-792DD356E374", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*", matchCriteriaId: "4D01CE3E-5C89-4FC0-9097-CAC483ACD441", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*", matchCriteriaId: "7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*", matchCriteriaId: "8F52334F-BE6A-4FD4-9F63-AE9BB017115B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*", matchCriteriaId: "C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*", matchCriteriaId: "2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*", matchCriteriaId: "707F6671-57AC-4DF4-8024-444502E5C92E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*", matchCriteriaId: "3C1FCE07-F9E8-4B14-95CE-01784D472128", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*", matchCriteriaId: "C208711F-FC06-46C8-8849-27054DC1B264", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*", matchCriteriaId: "25AB8041-F201-4BB3-AAD9-199B06697DF3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*", matchCriteriaId: "D75C474C-D5EF-42D6-9B2A-A504BEFCB982", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*", matchCriteriaId: "1F566CD3-3649-492B-B0AB-A107E51675B9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*", matchCriteriaId: "BB9F3D74-AE72-4FC5-83E9-890781AF3093", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*", matchCriteriaId: "0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*", matchCriteriaId: "DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*", matchCriteriaId: "C69918C6-7AAD-4AA5-AB72-C275367B1008", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*", matchCriteriaId: "06155B0B-A5AD-4A82-8C02-D264981687A6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*", matchCriteriaId: "F76C19A4-FA26-432A-9443-9F92B2A946EB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*", matchCriteriaId: "99BEE9BE-E49A-489B-B333-95D0993F8FA3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*", matchCriteriaId: "7427A678-EC47-4030-B905-619DD95F5A82", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*", matchCriteriaId: "86749716-1C9F-4C2A-B2A7-E62DEC10EA30", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*", matchCriteriaId: "FD000B53-06DA-4ED4-B0EE-9CB201B75C8D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*", matchCriteriaId: "A8424463-C329-4BAA-8AA1-25CD8B63292E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*", matchCriteriaId: "52727E62-0048-4C56-BC8C-B3450D257B21", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*", matchCriteriaId: "9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*", matchCriteriaId: "FAA34B50-2330-4D77-BF1A-6F05F3EF222C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*", matchCriteriaId: "F6421F69-1076-43D2-B273-DE80FB2D5F72", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*", matchCriteriaId: "C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*", matchCriteriaId: "9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*", matchCriteriaId: "7E611EDD-D44C-4311-B681-431D7C574528", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*", matchCriteriaId: "C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*", matchCriteriaId: "1886D007-85B6-4E5A-968D-A1FD476A08A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*", matchCriteriaId: "BDDDCB65-4404-49BC-9515-ECECD58A667F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*", matchCriteriaId: "1B8D3E00-64C3-407A-9B00-8B6E383F73FA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*", matchCriteriaId: "CB1B00A1-9C15-47C2-9F57-66586DEACC7D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*", matchCriteriaId: "CB5BF932-459F-4DD2-B160-5FE0371C7D83", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*", matchCriteriaId: "A58ACE96-F1BE-4261-8F94-FC3C6E7C7561", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*", matchCriteriaId: "783D6EA7-C016-4314-A87B-4FED1DC7114B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*", matchCriteriaId: "7AD0176F-FFAE-4A85-9327-CE72FE059E90", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*", matchCriteriaId: "A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*", matchCriteriaId: "26D4CE1F-86C8-4E48-9146-9DB57BF540FB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*", matchCriteriaId: "CB7F9D65-5537-4C25-B02B-2393F60D1299", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*", matchCriteriaId: "F09C8A92-820D-4572-A797-180E17A7DEB6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*", matchCriteriaId: "CA7D77A2-0D9A-4D0D-B0DC-152757917BE6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*", matchCriteriaId: "A07D3F1A-16CE-461F-A2F4-80FE5F841CB3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*", matchCriteriaId: "0C04557A-C508-4FAD-A535-1C0AEFF08075", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*", matchCriteriaId: "6AFAE489-6679-4705-BF9C-BB6D385A1DC3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*", matchCriteriaId: "429A99C8-BC55-4887-893C-7124C1A5DB08", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*", matchCriteriaId: "E3A2B709-CC19-4116-A5BE-5DB5C8B45A12", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*", matchCriteriaId: "D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*", matchCriteriaId: "6F1F1377-6220-43FB-BEF9-BAA7B0158147", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*", matchCriteriaId: "18422CA8-3000-46B1-9065-2369E6B0BE16", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*", matchCriteriaId: "5D558C66-E80E-4FC7-A0DF-485466390C46", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*", matchCriteriaId: "E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*", matchCriteriaId: "860F22F6-4C87-47C5-965E-02A1AFF41A72", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*", matchCriteriaId: "19A2CA86-BFA8-4C78-987D-AD26F32622F7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*", matchCriteriaId: "EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*", matchCriteriaId: "425F6D34-EE60-464B-8EA6-8116EDAA1219", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*", matchCriteriaId: "CEB9F657-1239-4424-A2E8-F8BD98C0095E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*", matchCriteriaId: "F631403C-0A67-42CB-815C-133EB87E0C95", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*", matchCriteriaId: "6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*", matchCriteriaId: "0453C0EA-BA67-49D5-964F-35493F97D905", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*", matchCriteriaId: "4D4D237E-ACB7-4382-AF5B-D27E634BF867", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*", matchCriteriaId: "B5461EB2-2958-4923-86AF-C74D449120B5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*", matchCriteriaId: "45C22141-E698-4E38-AF50-9CE04C1168FE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*", matchCriteriaId: "49D0E470-427D-4A68-AFD2-982A4F7CE2D7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*", matchCriteriaId: "43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*", matchCriteriaId: "713C4B7A-C38A-4818-A258-D07DEDEC906E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*", matchCriteriaId: "C59740BE-FC30-4400-B978-1DB41282971C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*", matchCriteriaId: "839728F0-5F23-462F-B493-C37EE4C874F9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*", matchCriteriaId: "6F1B47DA-BA53-4D7A-9B5B-582238D5E99A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*", matchCriteriaId: "D452F1BF-1FA5-463C-8F13-6357509FB5D1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*", matchCriteriaId: "EF6D1F4C-B396-468C-BA32-9367A68C95DD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*", matchCriteriaId: "B76A812F-D77A-49C8-B7A5-0C08258D4BBD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*", matchCriteriaId: "6E001AAB-07EC-47BF-BDE9-BB927872781D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*", matchCriteriaId: "D1DF11F5-61E8-4A98-86C8-49D6B3224FCC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*", matchCriteriaId: "AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*", matchCriteriaId: "D024802A-EA60-4D9B-B04C-027A0703EABD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*", matchCriteriaId: "BA731F3C-1F04-4EE2-83EC-9486F5032903", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*", matchCriteriaId: "544A59F6-E731-43C8-8455-69256933E71D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*", matchCriteriaId: "624258EE-7FFF-4432-9B6D-4D60AA73CD9A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*", matchCriteriaId: "69A2701A-35A8-4268-B9CF-40BA3219373B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*", matchCriteriaId: "15E671F6-8DED-4735-BE97-58A60E5B5C13", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*", matchCriteriaId: "3FC68B2A-8570-4311-BB60-49DBBDAF7430", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*", matchCriteriaId: "9826FA02-937E-4323-B9D5-8AE059ADBE95", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*", matchCriteriaId: "9B8630BB-48AA-4688-A6F0-212C1BB4D14C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*", matchCriteriaId: "9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*", matchCriteriaId: "A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*", matchCriteriaId: "326105AC-3926-437E-8AFF-916960107050", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*", matchCriteriaId: "866E1275-7541-4B80-8FDF-53246A204C15", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*", matchCriteriaId: "E190929D-D3CC-46E1-A903-0848829061DF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*", matchCriteriaId: "81E4EBCB-B660-4F6A-AD73-81B9D8964162", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*", matchCriteriaId: "55D58CC5-CB46-464D-93B8-6AD5A19AF097", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*", matchCriteriaId: "16541D3E-EBBD-4D92-96D8-F169733377AE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*", matchCriteriaId: "3F08D257-F570-4D39-A6E8-0F60E55472E6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*", matchCriteriaId: "C20ED667-2BFB-41C7-82BA-9F0C0044DA08", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*", matchCriteriaId: "6158ED8A-007E-48B7-99BF-8BA03BF584BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*", matchCriteriaId: "DBA7096A-F321-49A0-911A-F9683ABE6E6A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*", matchCriteriaId: "6A471395-7F8F-4BA5-962D-4D8F271FAB47", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*", matchCriteriaId: "B9484380-92B9-44DB-8E20-DC8DE02D1CA6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*", matchCriteriaId: "8010808D-805D-4CA3-9EA2-55EB1E57964C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*", matchCriteriaId: "9716FE9F-A056-42A3-A241-F2FE37A6386A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*", matchCriteriaId: "F73422A3-ECA0-4C41-9AA5-CF7D77885CF6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*", matchCriteriaId: "7A96A5AF-C9EF-4DED-AE25-4540A2B02915", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*", matchCriteriaId: "D5115B12-053A-4866-A833-D6EC88D8F93E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*", matchCriteriaId: "C5619D4D-9685-4595-8A5F-A18273FE4213", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*", matchCriteriaId: "B77E00E7-0EA4-4E32-A693-0E0F66BA4C57", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*", matchCriteriaId: "DAA3457E-7E1A-4878-9752-79382E954A66", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*", matchCriteriaId: "68630C63-4457-4E12-B7BD-AD456B237FC5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*", matchCriteriaId: "F6FB5695-2950-4CEC-81B4-FD280F835330", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*", matchCriteriaId: "9F340AF8-508F-449D-9AFA-4E55F069B4F3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*", matchCriteriaId: "E944410E-D674-4141-B50C-9F55090325FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*", matchCriteriaId: "A6438E07-0AC0-4BF9-B0F2-9072CA9639D6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*", matchCriteriaId: "5079AA70-C864-4AE2-809C-52B50632F2B3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*", matchCriteriaId: "5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*", matchCriteriaId: "6A86291B-C986-4320-BCEF-9F5AD8B309D3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*", matchCriteriaId: "1227659F-1393-4189-978B-CC3DC53BF407", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*", matchCriteriaId: "4C2DB843-638F-41EF-B486-409318AA2DE9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*", matchCriteriaId: "A0004D8A-A186-4DA2-A7AB-18A6456438FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*", matchCriteriaId: "75B6BE9F-F113-4976-951D-53F2E183A95A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*", matchCriteriaId: "DEB005F1-9719-4985-B9D9-2140C962ADD1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*", matchCriteriaId: "A94D0C1B-F30F-4724-915E-192C53FAE58A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*", matchCriteriaId: "3F247860-1D2C-415C-AFBD-26BD875AAF02", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*", matchCriteriaId: "9697EDCD-A742-4AC6-876E-1080AD684207", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*", matchCriteriaId: "6E73924A-875B-44D0-8F7C-A822B0488126", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*", matchCriteriaId: "03751B92-EE07-4F16-A476-BD25561810BC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*", matchCriteriaId: "A3A630E1-6CAE-4809-AB18-5002F158AE90", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*", matchCriteriaId: "A67750FF-EF4B-414F-8ED4-299CAF33B0DF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*", matchCriteriaId: "5A82D885-82F5-4755-BC11-5899E28CEE42", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*", matchCriteriaId: "88AF1366-8A14-4741-8146-886C31D8D347", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*", matchCriteriaId: "7FD75301-E29C-47DC-B53F-DC44EA0C1885", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*", matchCriteriaId: "8C944024-BEAA-43AF-A339-FD69C75E8240", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*", matchCriteriaId: "435C69D1-3932-4379-8D18-B1E12D558325", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*", matchCriteriaId: "3572B700-73C0-41D1-95FD-FE9D5B0C1F80", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*", matchCriteriaId: "97A40DC9-0D4E-4C91-8D1B-3CED95B3952E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*", matchCriteriaId: "16FB3E4B-05F8-411A-8C86-4ACE03815553", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*", matchCriteriaId: "8E55EBC1-6F96-47CD-9503-7855EFB07240", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*", matchCriteriaId: "4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*", matchCriteriaId: "F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*", matchCriteriaId: "A1789924-FADB-4076-8874-120B29EE6B86", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*", matchCriteriaId: "BC246667-2F6F-4024-9EAA-2CE3018235C3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*", matchCriteriaId: "B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*", matchCriteriaId: "1341A5D4-A5CE-4D31-A178-01C3069D7A55", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*", matchCriteriaId: "86A5C199-92E5-435C-AC40-175849285104", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*", matchCriteriaId: "67589F54-0A54-4DE7-9A47-A73DD05F7965", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*", matchCriteriaId: "DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*", matchCriteriaId: "8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*", matchCriteriaId: "92C5DC8C-3318-440B-8B29-4827F343927B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*", matchCriteriaId: "0ECC47D8-F602-4CEA-B19A-209CE76C9D36", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*", matchCriteriaId: "7514ADD3-DECC-4CC2-9421-A609E526FDC6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*", matchCriteriaId: "6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*", matchCriteriaId: "691097C3-F91B-499B-BAEB-4E7E9C43B517", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*", matchCriteriaId: "0B3DB1ED-017B-43EF-92A3-A8A88669FBC2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*", matchCriteriaId: "19A49AAF-0F08-4151-8F74-4EF9C3415B00", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*", matchCriteriaId: "3F7A2018-BB4D-4DC1-813D-A4AA3F270893", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*", matchCriteriaId: "A95D91C4-C539-4458-A6C9-8AE17207AE30", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*", matchCriteriaId: "37F9D218-8198-42C7-88FE-7C5382138324", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*", matchCriteriaId: "CF8FDD81-95EE-4241-93C8-925085A4CE7B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*", matchCriteriaId: "614D9E35-10E0-4CCB-B817-C7C8C3947BE4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*", matchCriteriaId: "F75F987E-F4DB-46FF-B048-21B4A4C07B10", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*", matchCriteriaId: "05376F2C-30B6-406D-90F7-6C2E00E85171", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*", matchCriteriaId: "CCDD3DF6-24BF-4C13-8F07-AF07327E5622", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*", matchCriteriaId: "B1520A64-2157-45D7-A135-F900798C4EB5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*", matchCriteriaId: "05A30F85-5367-4369-B7A5-176D71279FC3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*", matchCriteriaId: "B8803FF9-48D7-4AB0-8A17-4590CABD0BFD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*", matchCriteriaId: "1DC63B6B-5D6D-477B-9125-007F835981B4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*", matchCriteriaId: "BF385AC9-963E-4670-95A6-BE1EBC3890B7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*", matchCriteriaId: "943FA088-2902-45A9-A1BA-D612B46A50D9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*", matchCriteriaId: "8C80902D-9A6C-47D4-B56F-35C378FC0E63", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*", matchCriteriaId: "1100B46C-8485-4048-BFF8-2BAB311EC04A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*", matchCriteriaId: "4B9E1646-E154-41BA-B9FA-0839A898023D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*", matchCriteriaId: "03F4C8E6-0043-41A8-94EA-EEBAA1A081E7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*", matchCriteriaId: "31C10985-CBF7-4717-A7D6-2594887D7CB7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*", matchCriteriaId: "8C49886C-B6A0-4D95-8533-329FE5A66F6B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*", matchCriteriaId: "0788CF23-3FAF-44C9-9AAA-96E4818A1AEC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*", matchCriteriaId: "24AF7001-64D1-4BFB-9280-0BA0FAD97A0A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*", matchCriteriaId: "8C6E420E-16DA-4FB1-9968-C93E229614FA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*", matchCriteriaId: "07469E04-B3D2-41FE-A2E4-E25A977026CD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*", matchCriteriaId: "60FF402E-5E4F-414A-A3AB-149548303616", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*", matchCriteriaId: "79E2B875-A270-45C0-A1B1-041264E5B290", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*", matchCriteriaId: "8C828C8C-7ECB-4167-87A9-0F522C400C66", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*", matchCriteriaId: "0C2C887F-1EF7-468A-A6AE-440793C78DAC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*", matchCriteriaId: "6F2F3D7F-D884-4ACD-A103-060F57A9867B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*", matchCriteriaId: "BD1FCAAD-7072-45EC-9ACB-08556458BAF6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*", matchCriteriaId: "C4446224-40E8-4AD0-8197-921D3473E19B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*", matchCriteriaId: "4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*", matchCriteriaId: "B92B68FD-771A-4401-8B1D-B1A252356F62", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*", matchCriteriaId: "1B933941-0BE3-4EEB-8FDD-2DAA63343EE5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*", matchCriteriaId: "8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*", matchCriteriaId: "36F737C1-6011-42D2-9690-CA81EA0A283C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*", matchCriteriaId: "19CA7EB6-D1C9-48D9-A69A-2618800A6CE6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*", matchCriteriaId: "0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*", matchCriteriaId: "ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*", matchCriteriaId: "56C909B0-8FB2-4220-AF93-EECB8D650CC3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*", matchCriteriaId: "FF36BAD0-A762-4F84-BE0B-060FE666ED67", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*", matchCriteriaId: "007337CD-94FB-4ED9-B4A3-9E0EC52D79B2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*", matchCriteriaId: "BCDFA137-F1FC-46BD-9872-D62671B1434D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*", matchCriteriaId: "2E6DBCB3-E912-43A1-914B-5C7CCFAADE25", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*", matchCriteriaId: "0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*", matchCriteriaId: "E2C67312-E128-4833-A91E-D7A9F96A7AD5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*", matchCriteriaId: "3F19F408-FABD-4A68-8CDC-C763F0321FB1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*", matchCriteriaId: "68A06EC2-E491-4CD5-9904-61A88EBB7FD5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*", matchCriteriaId: "789A8CAE-8D9E-4244-880D-FBE28EC53AED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*", matchCriteriaId: "F901EE11-D0C9-46F6-8316-D8F4F1D50260", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*", matchCriteriaId: "E549F600-B9CE-4843-A772-2DACC528903E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*", matchCriteriaId: "3F28E733-87ED-4610-A8EE-BD37BED7685B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*", matchCriteriaId: "5DB488DD-D97C-4E21-A055-E6CECBBBC34E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*", matchCriteriaId: "9DC12C97-9966-40E2-8B23-B4453EC9EA6A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*", matchCriteriaId: "2832E8BF-7AC7-444C-B297-66F770860571", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*", matchCriteriaId: "44AA72FB-E78D-419E-AA82-B0538C6504D3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*", matchCriteriaId: "687C3BF3-D71A-49AD-8A05-EAC07CBCD949", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*", matchCriteriaId: "90AF90D9-16C4-4F8A-9868-3E2823E3445C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*", matchCriteriaId: "3C063C53-8970-45B1-85F8-FB2080BF4695", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*", matchCriteriaId: "64596ED7-794A-4D23-987B-D9AD59D48EA5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*", matchCriteriaId: "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*", matchCriteriaId: "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*", matchCriteriaId: "A561A8E8-79E2-4071-B57D-590C22EF86A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*", matchCriteriaId: "92E46658-60AB-4758-9236-3AC0E6464383", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*", matchCriteriaId: "207B8FBA-E2FF-485A-9AD9-E604AE0FB903", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*", matchCriteriaId: "33F99640-C753-40BE-A0A1-4C2D92E7DB09", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*", matchCriteriaId: "6F98247B-1839-4676-855B-827A4B6C016B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*", matchCriteriaId: "E6CEEEE2-D6A2-4342-8A73-934093948824", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "979FEE9F-A957-43B6-BB6D-1A851D6FA11C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "7EF7EC93-0170-45A9-86C7-5460320B2AE9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*", matchCriteriaId: "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "560993AA-299D-42B7-B77F-1BD0D2114CCB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "1C582B1C-1DAC-48FD-82DD-7334C10A2175", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*", matchCriteriaId: "D7862B0C-2C44-4110-A62A-083116129612", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "048C5996-F719-4338-B148-0DD1C13E02FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "4B9FF7FB-AB5A-4549-8C15-E69458C649E2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "1CEF6608-B650-4C77-9823-0AD57B3484F1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "4BE6A2D7-901C-45F9-B487-D674047D522E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*", matchCriteriaId: "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "1ADCB509-5B0E-4592-8B23-EC25A3F79D41", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "FB51691F-089F-4016-B25E-238074B06C0D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "7EA37503-FD3D-4220-933C-234631D6EDEF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*", matchCriteriaId: "72992831-2A76-456B-A80C-944BDD8591E4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "A79C2131-5566-4CC2-B6ED-38E3F6964500", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*", matchCriteriaId: "60BFDAA6-3DFC-4908-BC33-B05BAB462F94", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "B6266056-770A-4E2D-A4FC-F1475257648E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "929AA8F3-8BDF-4614-9806-6D4231735616", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "605D7552-8184-4B11-96FD-FE501A6C97DD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "3144BBDE-CC96-4408-AA02-ECC3BF902A34", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "1B8BA77A-34E3-4B9E-822A-7B7A90D35790", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "E7165B43-ED22-4714-8FA4-1E201D1BFA69", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "67CFB133-FAF0-431A-9765-8A9738D6D87C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*", matchCriteriaId: "2975B0F2-DB7C-4257-985A-482ED2725883", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "70221E07-3C2E-4A82-8259-AD583EB5CDDD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "427DFD78-56CD-43C4-948E-F53AF9D669F3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "75AD7649-3FEA-4971-9886-6C9312B937A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "B4EE972C-6BAE-4342-BA01-1D685487F9C3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "27CDFE3B-C064-49A9-BD43-3F7612257A74", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*", matchCriteriaId: "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "3DF18FD1-6670-4C3C-8000-A079C69D575E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "921EB5A5-F911-4FCE-A6F1-C66818B34678", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "13878C13-1C7C-4B83-AF27-4998E8F659DC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*", matchCriteriaId: "023063E1-2DD7-487C-A8A7-939FAEE666A9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "77255CE6-D7B7-4B48-993C-7100A1170BC6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "C07E80D5-70A5-49C9-9044-D683C7ECCFF5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "63668AF4-F29C-4424-8EC5-2F0A5950DD58", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*", matchCriteriaId: "E86616FE-0C3F-4984-A364-8A6A9F01DAD1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "09C1C7CD-538D-4D7A-A81C-10DF5376A479", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "5922F749-2B23-44B8-8A46-F31BCAEAD279", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "D75D0EEB-707C-4C86-A569-E91E9F00BA77", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "F0FB0E20-0243-40A1-8DEF-37150791222E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "7541572C-229F-4963-B7F0-06EB3323E53B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*", matchCriteriaId: "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "479F7C77-D16F-4E40-9026-3EB8422E0401", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "04DB08C8-0018-4A8E-A206-097BDDF83B08", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "B7193E85-30BE-42D5-A26B-3F88817F3574", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "446E8515-45FC-4B8B-8D12-60643D64C07F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "2A371DF9-E224-404F-99C2-C2A4607E62D8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "0F40E356-365D-44B7-8C38-A0C89DDD6D3E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "A3132029-89F8-4359-A0DC-A275785266A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "B02F5685-0636-48AB-B222-434CA1F3B336", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*", matchCriteriaId: "3ED4693C-DECF-4434-90C0-56158F102E7E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "BB408A6B-0842-43DA-9180-B0A299FCBCE6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "6215EBAC-7C75-4647-9970-482120897F1F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*", matchCriteriaId: "8D1FD6E8-80EC-461F-9ED1-CE5912399E80", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*", matchCriteriaId: "E96F585E-BDEF-45EE-B0AB-94FE23753AC5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*", matchCriteriaId: "3279C067-3058-4D46-A739-05404FD0E9B5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*", matchCriteriaId: "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*", matchCriteriaId: "C0855225-F501-486A-BD03-2A86FD252B5A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*", matchCriteriaId: "214C7B0C-C438-4000-9F9B-6D83294243AA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*", matchCriteriaId: "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*", matchCriteriaId: "DA26781F-5A1C-4DA5-835E-D984D697F22B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*", matchCriteriaId: "2EEA4222-F25D-4457-80AA-6D05CA918D68", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*", matchCriteriaId: "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*", matchCriteriaId: "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*", matchCriteriaId: "6777AC35-9D1F-4153-94AC-B25627D730E6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*", matchCriteriaId: "A5F063F4-8994-4E46-BA7B-A12A112009BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*", matchCriteriaId: "4D6F2DE5-AF11-439A-8D37-30CB882ECD58", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*", matchCriteriaId: "E213DD86-5419-42C8-BF38-7795DDB3C582", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*", matchCriteriaId: "A972291E-5231-439D-873B-2F87BCAF800A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*", matchCriteriaId: "C089CC54-3229-43D7-AA15-73CFA1A43EE3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*", matchCriteriaId: "EF268D83-C15D-4559-A46F-844E1D9264F0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*", matchCriteriaId: "CFE97C0D-3EA1-4314-A74A-7845C7778FB7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*", matchCriteriaId: "34293F29-F327-4ADD-BF62-78F63F79BB96", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*", matchCriteriaId: "528C0A46-1CC4-4882-985A-0BB41525BC6B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*", matchCriteriaId: "643F3522-A452-4927-944D-532574EC4243", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*", matchCriteriaId: "58F40B78-4DBA-44EE-8420-086789EFF53D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*", matchCriteriaId: "423BFD8F-4B50-43DA-9979-75FD18FBC953", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*", matchCriteriaId: "8BAD4A68-0481-476F-BBBD-3D515331368C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*", matchCriteriaId: "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*", matchCriteriaId: "CC7D021F-3C97-45B3-B1F7-0AC26959F22B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*", matchCriteriaId: "4A31AEF3-448D-417B-9589-4BA0A06F2FE8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*", matchCriteriaId: "F7A1D96F-7FFD-413F-ABCE-4530C3D63040", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*", matchCriteriaId: "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*", matchCriteriaId: "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*", matchCriteriaId: "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*", matchCriteriaId: "A5FF80E9-CF28-4EF6-9CFE-4B500A434674", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*", matchCriteriaId: "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*", matchCriteriaId: "647B77A4-2F49-4989-AF43-961D69037370", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*", matchCriteriaId: "805B1E33-F279-4303-9DF3-C81039A40C1C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*", matchCriteriaId: "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*", matchCriteriaId: "DE7E0AAE-6539-4024-9055-BE0BAD702143", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*", matchCriteriaId: "7F1A8828-0765-4799-AD6C-143F45FAAD23", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*", matchCriteriaId: "12D34618-1CCA-405B-A49C-EB384A09C2C6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*", matchCriteriaId: "575D6061-66BC-4862-BC84-ECD82D436E2A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*", matchCriteriaId: "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*", matchCriteriaId: "11650B45-0BDA-42BF-AEF3-83B48DD6A71D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*", matchCriteriaId: "BD3C92BA-827B-48AF-BBB3-FB60A9053C22", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*", matchCriteriaId: "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*", matchCriteriaId: "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*", matchCriteriaId: "4B305EFA-6226-412C-90EE-F0691F2DDDE0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*", matchCriteriaId: "7F3874FA-63CB-4B5D-8B64-CE920320A4E6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*", matchCriteriaId: "0800ED17-50E4-43F3-B46C-591DFA818BA5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*", matchCriteriaId: "A46B0405-F301-4209-8766-6E12EAFAD157", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*", matchCriteriaId: "F99F9F1F-A967-4884-96CF-4488102DC0A2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*", matchCriteriaId: "DA9B37AD-4599-425B-B39F-E571F4975266", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*", matchCriteriaId: "C5A5F1CF-A1E6-45F1-8B09-36566778DB57", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*", matchCriteriaId: "698C8A49-888B-4675-B3B0-25EDE2FD515E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*", matchCriteriaId: "70D98F97-8EF4-48B5-84BE-C3CC27031FDA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*", matchCriteriaId: "B473D1FA-909B-492E-9C5B-94B0E20E1C0E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*", matchCriteriaId: "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*", matchCriteriaId: "67836379-4E1A-45CD-9506-7D3F612E47C8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*", matchCriteriaId: "5B1BBC61-8664-4452-93A7-DDB4D2E4C802", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*", matchCriteriaId: "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*", matchCriteriaId: "044F0375-DF2F-4D9B-AD7E-473D34165E8C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*", matchCriteriaId: "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*", matchCriteriaId: "4A0655CA-A88C-4632-9A18-560E3F63B2F7", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*", matchCriteriaId: "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*", matchCriteriaId: "C6965851-3B29-4C21-9556-97FD731EAA85", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*", matchCriteriaId: "52984FD2-44E0-4E91-B290-0376737EEF6F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*", matchCriteriaId: "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*", matchCriteriaId: "DF933366-7503-4F8D-B7AA-F6A16210EC37", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*", matchCriteriaId: "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*", matchCriteriaId: "3EABB21D-D021-434B-B147-CAF687097A5B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*", matchCriteriaId: "7609424D-95F1-4493-A20C-B1BA4EC6439D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*", matchCriteriaId: "966DC636-C802-4D9F-8162-652AFB931203", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*", matchCriteriaId: "A75794EB-A5AF-43F0-985F-D9E36F04C6D4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*", matchCriteriaId: "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*", matchCriteriaId: "05F9217F-5028-4659-AA8E-F60548DE4D52", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*", matchCriteriaId: "4AC769DC-CF2E-4A3C-A610-264F024E6279", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*", matchCriteriaId: "9B2B1CBF-D155-49BC-81A4-4172F177A5C2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*", matchCriteriaId: "370B2B32-519E-4373-8A04-5C5025D688BB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*", matchCriteriaId: "83D9B562-C279-4A55-A347-F28FC4F9CD12", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*", matchCriteriaId: "2A8C2BA0-48A8-4107-8681-A7C34C553D8C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*", matchCriteriaId: "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*", matchCriteriaId: "683B6E83-37FF-4F9B-915F-059EBB29DB53", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*", matchCriteriaId: "E218718F-4BE6-48B0-A204-9DD4A932A654", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*", matchCriteriaId: "FB0AB327-B60A-473C-9D36-97766EE62D7D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*", matchCriteriaId: "3DA249EE-4786-4E27-8787-5E8B88C2AEB9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "CEBD0529-1CF3-44E5-85B3-19A3323C9493", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "D664EE97-07EC-410F-94C3-AEAB2C6A627D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*", matchCriteriaId: "D31DB981-03B1-4A84-8D87-CD407C3C149F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "0CBD155D-89D9-4677-A621-4D7613BE65C6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "D02BD0D4-FFFD-4355-97D8-170362F10B9F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "8DCE6930-760A-48C0-B964-1E3ED6A8517C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*", matchCriteriaId: "C8EB40E7-9B91-4106-B303-2B70AF395BFA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "EAB0D5CD-8AF3-409D-96A7-718641D4B90D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "6E420B0B-0CD5-41C7-B25A-3DB856055F9E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "8B0C295B-0D63-4BE7-830D-D927E00C301C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*", matchCriteriaId: "605C340D-2220-4669-B827-9009CB099E8B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "8791879D-2908-4F57-8DB3-6D24100A9108", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "E823DC5B-98BE-4656-BFBF-3A7018F8F213", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "64E8D558-ADE0-4358-9C76-7BD77BF23AA1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "7973B3D0-F244-4E26-88F5-A2D9BF2E4503", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*", matchCriteriaId: "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*", matchCriteriaId: "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "8A52611B-6583-4660-90D7-C9472728072B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "E80C6E89-B57C-47BB-8B95-50C03DFB3B96", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*", matchCriteriaId: "A9AB685B-FEE1-41EF-A046-1B34619E12A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "DB9F6724-967A-4AF0-9896-12BF6164B2CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1116BF-12D7-47CC-98DB-18B200CF9C16", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*", matchCriteriaId: "9FBB28DE-726B-4AF0-88A5-35987E1E648B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*", matchCriteriaId: "1880E2B8-5E0E-4603-8D17-3ABA43D28179", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2FAFBB92-1917-4238-832B-195FBE418271", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "91DFDF3F-9A3F-42B8-99A1-A3F76B198358", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*", matchCriteriaId: "8778F972-BF34-482F-9FA7-71A77F6138E1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "8F288BB0-FE7A-4900-B227-BE80E4F4AADF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*", matchCriteriaId: "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "57E16338-A094-4CA9-B77F-6FE42D3B422C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "4E07AB33-5351-487D-9602-495489C7C0B8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*", matchCriteriaId: "22115ED6-1707-4840-B0D1-AD36BC0C75A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "C7C633BC-831F-4CB7-9D62-16693444B216", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*", matchCriteriaId: "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "6DD501E1-E78F-44C6-8A13-C29337B07EBE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*", matchCriteriaId: "9085BA0B-B7E2-4908-90C0-B4183891C718", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*", matchCriteriaId: "81971C2F-137A-4F11-8C93-3B99D4CD1B58", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "98E0BDAC-398E-406B-B2DB-AE049D6E98B1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*", matchCriteriaId: "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "86AFDE6C-DE58-4C4D-882E-474EF6C3D934", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*", matchCriteriaId: "950C6BF9-AA47-4287-AC01-D183237490FA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2355181D-D8EE-4F80-8280-13D5CBCF4779", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "5209343F-66B0-4DC0-9111-E2E64CFF7409", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "720109A6-B79E-48E1-9AE7-7708B154788E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "E5E944ED-8C02-46B8-BF95-0CE4C352753B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*", matchCriteriaId: "77AEA3D1-4846-46E2-9B80-20B19F00DC11", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "1576978F-E93D-4A47-90B6-6A4E3A7DE558", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "0D339FE5-001F-4005-88A5-CFFE37F9B63E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "1BDABA86-497E-497E-A5BA-46F913A4840A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "DD886F4C-DB6F-4DDD-9807-8BCBB625C226", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*", matchCriteriaId: "38BE2781-3A06-4D62-AC8B-68B721DA526B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "2DA23772-2EB8-4BEE-8703-26D967EC4503", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "72DC766A-B1F9-4B83-9F9B-CF603EE476BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "EA594740-43C5-4F42-BA5B-00CA8AE7BB60", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "572B16E2-8118-43A0-9A80-5D96831D55FD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "5383B7A3-1569-4FEB-B299-B87CE8C8A87B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "A05BBDE0-6C47-4489-9455-7DA7D230ECA1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*", matchCriteriaId: "1789AA69-EA31-44D1-82E6-228E48E18586", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "B4A7D5FF-3B1F-4C64-BB81-7A349765520D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "0F0498B3-393A-4C32-B338-E6014B956755", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*", matchCriteriaId: "C451F752-6869-4AFA-BAE5-5C9A54427BF2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "83710FD1-099B-436D-9640-061D515E10BA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "517B71CE-6156-40E1-B068-A2B733E205E3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "11DEEEE5-5055-4CE1-962C-C5F075F4CC02", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*", matchCriteriaId: "8718DDAB-3208-48CF-9BCE-54DA1257C16A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "FE1AA901-E822-4240-9D82-C9311E4F87B2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "12A0DE13-EB0B-493B-BC84-3AEB3D454776", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*", matchCriteriaId: "1727697B-1F59-4E29-B036-C32E9076C523", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "E69E827C-C0D0-46C7-913A-1C1E02CEAACE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "2528F3F9-34DC-41DA-8926-382CB3EF5560", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "E452C262-5A8D-4D97-BC7F-A4F5FF53A659", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*", matchCriteriaId: "9D57BF69-D750-4278-98AA-976B0D28E347", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "76ADAE30-6CAD-4F5B-B6F7-C18953144C63", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "8A25D792-E21D-43EE-8B9D-67DE066DE5DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "2C669783-C058-4B4F-BB9A-84B2C4682247", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*", matchCriteriaId: "159B088B-9A85-4CAA-854A-AA080E528F95", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "FBE74A94-FE8F-4749-A35A-AB7D57E24913", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "990AC341-0E67-4A81-87E9-EE3EFD9E847E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "53BC18B0-58F1-4477-9978-CA7383C197FB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*", matchCriteriaId: "474992FB-842D-4661-A565-44AF2CD78693", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "476E1B79-5342-4895-96D7-E97DFC1F5334", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "EBD318D5-89A6-4E28-939C-C5B61396806B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*", matchCriteriaId: "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*", matchCriteriaId: "A32C7E89-32ED-4328-9313-FA7D3DDBDC58", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*", matchCriteriaId: "2792EED8-2CBD-478E-BC09-05FE830B3147", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*", matchCriteriaId: "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*", matchCriteriaId: "34E1691D-65B3-45E4-A544-8B29E38D569D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*", matchCriteriaId: "E42F2703-B8AB-410E-AF7B-CD0BE777F061", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*", matchCriteriaId: "31244C94-00A3-499C-A91A-1BEF2FB0E6B9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*", matchCriteriaId: "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*", matchCriteriaId: "5078A95B-2BD8-4A37-A356-F53D1A53CB37", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*", matchCriteriaId: "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*", matchCriteriaId: "9F231D31-3AAD-4C5D-A225-D2DF94486718", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*", matchCriteriaId: "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*", matchCriteriaId: "EADFD013-0BFB-427C-98E6-F9E4774DCBC9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*", matchCriteriaId: "58620B10-FEA6-456D-B6B5-2745F5DBE82D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*", matchCriteriaId: "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*", matchCriteriaId: "4858A1F0-97F2-4258-AB98-027BF1EC5117", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*", matchCriteriaId: "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*", matchCriteriaId: "052DE6CD-A1E7-4E81-B476-66EF451061C4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*", matchCriteriaId: "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*", matchCriteriaId: "751B3AC8-D45E-46B6-83D5-311B693F3C0D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*", matchCriteriaId: "9588277A-0B97-4408-9CF7-11271CDAADD6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*", matchCriteriaId: "479FE854-85E5-4ED0-BFAF-2618C9053082", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*", matchCriteriaId: "E048B9BF-77C8-49F7-9F2D-9999F79BA264", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*", matchCriteriaId: "6CD16D4D-E816-486D-96F4-5A2BF75B959F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*", matchCriteriaId: "169C558E-1A83-47D5-A66B-035BD1DD56FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*", matchCriteriaId: "D683E509-3FB2-4175-BCAB-4EB1B5C04958", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*", matchCriteriaId: "6FCFA915-5445-4732-9F8F-D7561BA4177F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*", matchCriteriaId: "63A9FD98-C22D-48F6-87A1-60791C818A1E", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*", matchCriteriaId: "85F99F24-1783-4E6E-BE61-04C2E80356ED", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*", matchCriteriaId: "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*", matchCriteriaId: "85289E4C-C813-4677-867D-EE8E98F4A1A3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*", matchCriteriaId: "27C8150F-BEFA-406D-9F0D-E7CB187E26AB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*", matchCriteriaId: "1E807F90-819F-4103-B1F7-4CE46971BD63", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*", matchCriteriaId: "CD93203F-71B9-4F87-B5D8-FD273451C8A2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*", matchCriteriaId: "1E652C74-C48D-4F29-9E85-09325632443F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*", matchCriteriaId: "99158191-3013-4182-8A53-5DFCA1E2C60A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*", matchCriteriaId: "F7E39A3E-7EAE-47C9-930B-58A980B73FC5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*", matchCriteriaId: "FFDA54BA-C00D-4890-9B7F-328257607B21", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*", matchCriteriaId: "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*", matchCriteriaId: "B8260DCA-2F0C-45F7-B35F-D489AF5639F2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*", matchCriteriaId: "7778F81B-6D05-4666-B1D4-53DB0EC16858", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*", matchCriteriaId: "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*", matchCriteriaId: "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*", matchCriteriaId: "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*", matchCriteriaId: "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*", matchCriteriaId: "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*", matchCriteriaId: "E23A777F-68A4-4217-A75A-4D8A27E6451A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*", matchCriteriaId: "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*", matchCriteriaId: "392A4337-11F6-4980-A138-4FDBCAD0EBA4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*", matchCriteriaId: "E2E9BB67-F1FF-4190-889F-78B965CCE934", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*", matchCriteriaId: "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*", matchCriteriaId: "35607317-0928-4297-A33E-D44BEE1BBEC9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*", matchCriteriaId: "D48323B1-7FEB-451F-A064-23E7CE7F6403", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*", matchCriteriaId: "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*", matchCriteriaId: "F5763189-7980-4A72-92C9-1908FE9E15EF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*", matchCriteriaId: "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*", matchCriteriaId: "4326D350-EBC2-48E6-A2C6-0499F6826CEE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*", matchCriteriaId: "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*", matchCriteriaId: "5BCADA00-E453-414D-9933-FCB43D21BBC3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*", matchCriteriaId: "E62212D9-F707-4A8E-AB2A-A3985E7A4049", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*", matchCriteriaId: "561755A8-8AAD-4F41-8266-747EFDAF2D55", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*", matchCriteriaId: "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*", matchCriteriaId: "A207312E-1D35-4464-A111-22C4C793E146", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*", matchCriteriaId: "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*", matchCriteriaId: "7CF08F6B-2ECB-414C-82D7-C06085BF8B10", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*", matchCriteriaId: "21032BE3-74D8-4C3F-B461-158F475B6853", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*", matchCriteriaId: "2F9AC992-59B7-44EE-9FF3-567AC48938AA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*", matchCriteriaId: "B44B3BFF-649A-4C1E-9564-EFA007FA2BD5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*", matchCriteriaId: "C04EDD71-15B3-4085-828C-BB7A43DBDCC0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*", matchCriteriaId: "CC1BA7AC-989B-4093-841A-C6D5978BF17F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*", matchCriteriaId: "1874F848-B15B-4369-A164-5FA11D2B9AFE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*", matchCriteriaId: "9E46F934-9765-43ED-88A7-A4778C99A976", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*", matchCriteriaId: "380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*", matchCriteriaId: "E8D5217E-9520-4FDB-9330-C8DC2CDDAA70", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*", matchCriteriaId: "B206674F-1A34-470B-820C-05F9C37792CF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*", matchCriteriaId: "63AE2051-9F8E-4477-8E1E-38A1E06AD247", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*", matchCriteriaId: "6B39281F-990C-4AA3-9287-CCB5BA7E8AC8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*", matchCriteriaId: "3EDC0FCF-BD22-42AD-8044-9A64215B91CA", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*", matchCriteriaId: "7E0ED8AA-56D8-4CB6-A765-706BE87C9E30", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*", matchCriteriaId: "AA890C07-7940-4DF4-96FB-8F71A2EFE5C0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*", matchCriteriaId: "E95A34F0-0B74-4031-BC9E-CBC93665BE68", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*", matchCriteriaId: "4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*", matchCriteriaId: "0BB22DF7-15CE-4340-A05F-BD39FCA41F50", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*", matchCriteriaId: "7BA72DC8-2E4E-453A-A3FB-20F31D32B973", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*", matchCriteriaId: "758E45B6-7C7A-432D-891D-CB99077AE3B5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*", matchCriteriaId: "06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*", matchCriteriaId: "26D7A401-BCE1-4673-93C9-67F009B75A39", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*", matchCriteriaId: "6E62119B-2A65-4473-B570-F118614B0ED6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*", matchCriteriaId: "5E5319E0-909C-4688-AAA6-6A0B5D19FFDF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*", matchCriteriaId: "8F83F9F9-D2DB-4D40-AD61-29E66B050B45", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*", matchCriteriaId: "91BE6238-312E-4CF7-9E74-48CB5603B0FF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*", matchCriteriaId: "AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*", matchCriteriaId: "33BA1BE0-0A78-4E94-A619-35735C913180", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*", matchCriteriaId: "3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*", matchCriteriaId: "24CA40FE-80C5-4A20-8219-CEF51F3162FD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*", matchCriteriaId: "B10305C5-0C2C-48B7-A0AD-2B24AD722EBC", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*", matchCriteriaId: "33E8F127-6EAE-4302-BD52-7C3FCCA307D4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*", matchCriteriaId: "8D675EA9-33E7-45ED-B6A9-7117AD2FEE26", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*", matchCriteriaId: "F6E468FE-73BE-4B20-B774-58EC7CD20CDB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*", matchCriteriaId: "0FF6B19B-7D45-44B3-8524-407253B93EEE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*", matchCriteriaId: "2B803FAD-E54D-49FE-A078-029B8FFBBB98", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*", matchCriteriaId: "CC511505-ED67-45B4-B76C-56AB750C4408", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*", matchCriteriaId: "A430C232-79EB-4264-AE24-41D4A2A5D990", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*", matchCriteriaId: "3A9E3D4B-A3DF-4858-8C64-0316B6E57435", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*", matchCriteriaId: "19108672-E1AA-41CC-B86C-061D3721C8B8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*", matchCriteriaId: "200D36CF-AEDE-4183-8C54-748E6E5A3218", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*", matchCriteriaId: "4CF13A44-5163-4282-8EE8-7DC05499B5E0", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*", matchCriteriaId: "827C12CE-D87D-489D-ABA7-BE0405EC33D4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*", matchCriteriaId: "16AA78F7-520B-4FFC-838C-DC74FEE8E13F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*", matchCriteriaId: "8CB2949C-4699-49EF-83EB-31199E0CE2DF", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*", matchCriteriaId: "66C169DC-EEFE-4DE6-A3D0-65B606527240", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*", matchCriteriaId: "FD28227A-8888-43B2-BC41-8D54B49DA58C", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*", matchCriteriaId: "7984BAEA-4518-4E17-830E-B34D09648BD8", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*", matchCriteriaId: "2C2214E5-491E-448F-A4B6-A497FB44D722", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*", matchCriteriaId: "2AE93013-C262-46A5-8E77-D647881EE632", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*", matchCriteriaId: "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*", matchCriteriaId: "EEAC04A3-EBE3-406B-B784-A3547162ECE4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*", matchCriteriaId: "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*", matchCriteriaId: "50F46B0E-C746-44B4-B343-E3DCAB4B98DE", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*", matchCriteriaId: "5AE30903-4F75-4D71-A8BB-44D1099E9837", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*", matchCriteriaId: "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*", matchCriteriaId: "DB8CF348-811C-4342-ACB9-AFCABCC34331", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*", matchCriteriaId: "71998EC5-EC0F-496C-B658-3CD91D824944", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*", matchCriteriaId: "A1F19B2A-E7A1-4B97-AC40-02B0D3673555", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*", matchCriteriaId: "CB6387C9-C0A8-4B26-BC62-802775CD0AD3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*", matchCriteriaId: "EFEB0164-77C2-4EC2-92FD-5FCE246119CB", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*", matchCriteriaId: "FDB20210-337C-4220-8CA1-F4B2BC54EBC3", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*", matchCriteriaId: "F699569F-4F52-4CC0-90D9-CC4CBC32428A", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*", matchCriteriaId: "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*", matchCriteriaId: "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*", matchCriteriaId: "7756B588-5A63-4508-8BDD-92DB8CB0F4AD", vulnerable: true, }, { criteria: "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*", matchCriteriaId: "316E26AE-67A5-4E75-8F9B-ECF4A03AED51", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:arm:cortex-a:9:*:*:*:*:*:*:*", matchCriteriaId: "A51E86F5-8F94-4E7C-9A63-DAA3FCBE0438", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*", matchCriteriaId: "001AB619-157E-40B4-B86C-5DB18245D62F", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:17:*:*:*:*:*:*:*", matchCriteriaId: "1221FB4F-488A-4A52-8788-82ECBF92113B", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*", matchCriteriaId: "38D51E27-28A3-47A1-9C36-1A223858E352", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*", matchCriteriaId: "365DF3EF-E7D1-41FC-8382-D3B095542D59", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:73:*:*:*:*:*:*:*", matchCriteriaId: "D0B2B122-34A9-4534-A996-8FEAACA71A05", vulnerable: true, }, { criteria: "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*", matchCriteriaId: "C850453B-CDB1-490D-B551-9AC0B27D8A67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", matchCriteriaId: "588D4F37-0A56-47A4-B710-4D5F3D214FB9", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*", matchCriteriaId: "7151A19C-0AE5-4F66-9E3D-8BF675A8430C", vulnerable: true, }, { criteria: "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "BEEB72F4-AE57-49DD-8876-1BCA7B805692", vulnerable: true, }, { criteria: "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "7929F123-AC76-4F49-940F-558CABC25E75", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*", matchCriteriaId: "E6034789-ABD1-4035-8378-F0BA7157B087", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "C4534CF9-D9FD-4936-9D8C-077387028A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", matchCriteriaId: "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "C403C49F-3779-4A7A-8D12-B4A32BFD77CF", versionEndExcluding: "5.1.32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "0AEC1DE4-F01C-4D21-8FB6-A0D4460D6CD0", versionEndExcluding: "5.2.6", versionStartIncluding: "5.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", }, { lang: "es", value: "Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral.", }, ], id: "CVE-2017-5715", lastModified: "2024-11-21T03:28:16.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-04T13:29:00.227", references: [ { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", }, { source: "secure@intel.com", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", }, { source: "secure@intel.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/584653", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102376", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040071", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-254.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0292", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-002", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-003", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { source: "secure@intel.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html", }, { source: "secure@intel.com", url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html", }, { source: "secure@intel.com", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", }, { source: "secure@intel.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { source: "secure@intel.com", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Nov/16", }, { source: "secure@intel.com", tags: [ "Vendor Advisory", ], url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-06", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180104-0001/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2017-5715", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://spectreattack.com/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX231399", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91229003", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/solutions/LEN-18282", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3531-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3531-3/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3540-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3541-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3542-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3549-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3560-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3561-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3580-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3581-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3581-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3582-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3582-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3594-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3597-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3597-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3620-2/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3690-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3777-3/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-3516-1/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4120", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4213", }, { source: "secure@intel.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43427/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_18_01", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", }, { source: "secure@intel.com", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4611", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://nvidia.custhelp.com/app/answers/detail/a_id/4614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/584653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102376", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://xenbits.xen.org/xsa/advisory-254.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:0292", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/speculativeexecution", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert.vde.com/en-us/advisories/vde-2018-003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Nov/16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201810-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180104-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.paloaltonetworks.com/CVE-2017-5715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://spectreattack.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX231399", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K91229003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.lenovo.com/us/en/solutions/LEN-18282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3531-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3531-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3540-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3541-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3542-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3549-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3560-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3561-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3580-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3581-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3581-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3582-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3582-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3594-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3597-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3597-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3620-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3690-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3777-3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-3516-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43427/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/180049", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/support/security/Synology_SA_18_01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2018-0007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-11 16:15
Modified
2024-11-21 05:50
Severity ?
Summary
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "5681F65E-9839-4E10-8245-C878D384C944", versionEndIncluding: "7.76.1", versionStartIncluding: "7.61.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", matchCriteriaId: "10323322-F6C0-4EA7-9344-736F7A80AA5F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", matchCriteriaId: "DF616620-88CE-4A77-B904-C1728A2E6F9B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "175B97A7-0B00-4378-AD9F-C01B6D9FD570", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE", versionEndExcluding: "11.1.2.4.047", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "3197F464-F0A5-4BD4-9068-65CD448D8F4C", versionEndExcluding: "21.3", versionStartIncluding: "21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "10630209-CF90-455D-B70F-DB50BAFC5499", versionEndIncluding: "5.7.34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "181677F8-59EE-49BC-91A7-845819742869", versionEndIncluding: "8.0.25", versionStartIncluding: "8.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single \"static\" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.", }, { lang: "es", value: "curl versiones 7.61.0 hasta 7.76.1, sufre de exposición de un elemento de datos a una sesión equivocada debido a un error en el código para la función CURLOPT_SSL_CIPHER_LIST cuando libcurl es construído para usar la biblioteca TLS de Schannel. El ajuste de cifrado seleccionado se almacenaba en una única variable \"static\" en la biblioteca, lo que tiene el sorprendente efecto secundario de que si una aplicación establece múltiples transferencias concurrentes, la última que ajusta los cifrados controlará accidentalmente el ajuste usado por todas las transferencias. En el peor de los casos, esto debilita significativamente la seguridad del transporte", }, ], id: "CVE-2021-22897", lastModified: "2024-11-21T05:50:51.927", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-11T16:15:10.963", references: [ { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22897.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", }, { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1172857", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2021-22897.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1172857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-07 13:15
Modified
2024-11-21 07:05
Severity ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | bootstrap_os | - | |
| netapp | h300s | - | |
| netapp | h300s_firmware | - | |
| netapp | h500s | - | |
| netapp | h500s_firmware | - | |
| netapp | h700s | - | |
| netapp | h700s_firmware | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| apple | macos | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "F1F67AD5-9AB1-490D-B2A2-383B6A5066FB", versionEndExcluding: "7.84.0", versionStartIncluding: "7.16.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "71E032AD-F827-4944-9699-BB1E6D4233FC", versionEndExcluding: "13.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", }, { lang: "es", value: "Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificación de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente", }, ], id: "CVE-2022-32208", lastModified: "2024-11-21T07:05:55.503", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-07T13:15:08.467", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1590071", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2022/Oct/41", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1590071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-840", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:38
Severity ?
Summary
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | python | * | |
| python | python | * | |
| python | python | * | |
| python | python | * | |
| python | python | 3.10.0 | |
| python | python | 3.10.0 | |
| python | python | 3.10.0 | |
| python | python | 3.10.0 | |
| python | python | 3.10.0 | |
| python | python | 3.10.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | hci | - | |
| netapp | management_services_for_element_software | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | hci_compute_node | - | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "C0AA4B12-CF3C-4327-983C-9067D7D97B57", versionEndExcluding: "3.6.14", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "63D83236-D590-43D4-82C0-B0C656E02A29", versionEndExcluding: "3.7.11", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "AEAFF8F2-FA7C-4FFA-B592-E37EF28D6B59", versionEndExcluding: "3.8.11", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "91FD0AF9-B011-4238-8CF1-BDEA0399AF82", versionEndExcluding: "3.9.5", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "D3A22303-914F-4EB6-9CCE-EE0D5EDB424B", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "349F5466-4F47-47FB-B600-55DB4F919E1A", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "14EE982A-1DA9-4D34-B748-862DE731BE69", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "D0B1D471-35D3-4289-8C74-63C36233C18D", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "D613BB2D-D583-44CC-9C22-38CE434FDDFD", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:3.10.0:alpha6:*:*:*:*:*:*", matchCriteriaId: "2075995B-9D49-4EFE-9743-5ACE0B6DEF62", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*", matchCriteriaId: "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "86B51137-28D9-41F2-AFA2-3CC22B4954D1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", }, { lang: "es", value: "Se ha encontrado un fallo en Python, concretamente en el módulo urllib.parse. Este módulo ayuda a dividir las cadenas de localizadores de recursos uniformes (URL) en componentes. El problema involucra como el método urlparse no sanea la entrada y permite caracteres como \"\\r\" y \"\\n\" en la ruta de la URL. Este fallo permite a un atacante introducir una URL diseñada, conllevando a ataques de inyección. Este fallo afecta a Python versiones anteriores a 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 y 3.6.14", }, ], id: "CVE-2022-0391", lastModified: "2024-11-21T06:38:31.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-09T23:15:16.580", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.python.org/issue43882", }, { source: "secalert@redhat.com", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202305-02", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220225-0009/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.python.org/issue43882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202305-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220225-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "5F125B29-ADBD-4014-A98C-0FF750CC5648", versionEndExcluding: "7.83.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.", }, { lang: "es", value: "Una vulnerabilidad de credenciales insuficientemente protegidas fijada en curl versión 7.83.0, podría filtrar datos de autenticación o de encabezados de cookies en redireccionamientos HTTP al mismo host pero con otro número de puerto", }, ], id: "CVE-2022-27776", lastModified: "2024-11-21T06:56:09.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:43.713", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1547048", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1547048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N5ZBWLNNPZKFK7Q4KEHGCJ2YELQEUJP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKKOQXPYLMBSEVDHFS32BPBR3ZQJKY5B/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-05 06:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| opensuse | leap | 15.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "25611CC0-E1DB-4D7B-82DF-D16CB8355844", versionEndExcluding: "5.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones anteriores a 5.5.4. La función mwifiex_cmd_append_vsie_tlv() en el archivo drivers/net/wireless/marvell/mwifiex/scan.c permite a usuarios locales alcanzar privilegios o causar una denegación de servicio debido a una memcpy incorrecta y al desbordamiento del búfer, también se conoce como CID-b70261a288ea.", }, ], id: "CVE-2020-12653", lastModified: "2024-11-21T04:59:59.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-05T06:15:11.043", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/05/08/2", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/05/08/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-27 04:15
Modified
2024-11-21 05:19
Severity ?
Summary
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | python | * | |
| python | python | * | |
| python | python | * | |
| python | python | * | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| debian | debian_linux | 9.0 | |
| oracle | zfs_storage_appliance_kit | 8.8 | |
| opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "0DCA021D-A322-4442-A030-B723D8F8C7E5", versionEndExcluding: "3.5.10", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "7EB6A6FC-6C82-4543-8DAA-96FF2BACDB5C", versionEndExcluding: "3.6.12", versionStartIncluding: "3.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "045171F0-A76D-4385-B2AE-51479B425C45", versionEndExcluding: "3.7.9", versionStartIncluding: "3.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", matchCriteriaId: "9065C407-4FE5-4895-84FC-21B706581C0F", versionEndExcluding: "3.8.5", versionStartIncluding: "3.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.", }, { lang: "es", value: "http.client en Python 3.x antes de la versión 3.5.10, 3.6.x antes de la versión 3.6.12, 3.7.x antes de la versión 3.7.9, y 3.8.x antes de la versión 3.8.5 permite la inyección de CRLF si el atacante controla el método de petición HTTP, como se demuestra insertando caracteres de control CR y LF en el primer argumento de HTTPConnection.request", }, ], id: "CVE-2020-26116", lastModified: "2024-11-21T05:19:16.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-27T04:15:11.587", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.python.org/issue39603", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://python-security.readthedocs.io/vuln/http-header-injection-method.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201023-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4581-1/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugs.python.org/issue39603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://python-security.readthedocs.io/vuln/http-header-injection-method.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202101-18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201023-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4581-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-02 23:15
Modified
2024-11-21 06:22
Severity ?
Summary
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "103D9D8F-806F-4043-80C3-73831775798E", versionEndExcluding: "5.15.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9955F62A-75D3-4347-9AD3-5947FC365838", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.", }, { lang: "es", value: "Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacante puede enviar paquetes con direcciones IP falsas", }, ], id: "CVE-2021-3772", lastModified: "2024-11-21T06:22:23.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-02T23:15:09.127", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000694", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221007-0001/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://ubuntu.com/security/CVE-2021-3772", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000694", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221007-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://ubuntu.com/security/CVE-2021-3772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-354", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-354", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-23 14:29
Modified
2024-11-21 04:16
Severity ?
Summary
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | activemq | 5.15.9 | |
| apache | drill | 1.16.0 | |
| apache | zookeeper | * | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.0 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.1 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.2 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.3 | |
| apache | zookeeper | 3.5.4 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| redhat | fuse | 1.0.0 | |
| oracle | goldengate_stream_analytics | * | |
| oracle | siebel_core_-_server_framework | * | |
| oracle | timesten_in-memory_database | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | element_software | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", matchCriteriaId: "70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", matchCriteriaId: "235DC57F-22B8-4219-9499-7D005D90A654", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*", matchCriteriaId: "19FD698D-914D-46C3-810B-F749CD0C0DE8", versionEndIncluding: "3.4.13", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*", matchCriteriaId: "3B1074FD-02DC-4CDC-A8F2-4CE0827539B6", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*", matchCriteriaId: "2F0F84E2-88CE-4350-B342-DA761D43682E", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*", matchCriteriaId: "ACB3229A-F1BA-4AA7-916A-9061BE561AD4", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*", matchCriteriaId: "0E5C9D62-F9A2-4961-8440-9DF6F5C213D8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*", matchCriteriaId: "A0C88D5A-86CD-41D3-B453-6060482E84E3", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*", matchCriteriaId: "24BEEE1F-5408-43F8-B662-B826349E97D8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*", matchCriteriaId: "4031DB88-F356-458F-BC77-91B62744A466", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*", matchCriteriaId: "AB019BEC-6C42-4A51-9C45-389B6529CE96", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*", matchCriteriaId: "107E465A-A904-4198-8171-3D764B9F1C19", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*", matchCriteriaId: "D5DE5D25-B8A9-4172-80FF-D430D47AE96A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*", matchCriteriaId: "3E2EB460-5B43-42E3-98AF-FB08B0C94957", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*", matchCriteriaId: "9C89705C-D40E-4C7D-A019-809D32AC1A98", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*", matchCriteriaId: "738C3017-324B-46AB-8D71-5202E31DBC97", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*", matchCriteriaId: "39BE8DA0-6839-4E59-838F-E0D6A4F96D3B", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*", matchCriteriaId: "09C66E38-BDA9-42A6-8DBE-4E8781AE8394", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*", matchCriteriaId: "81C99F52-0D85-41C8-A0DA-CE29C917ADDC", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*", matchCriteriaId: "9B94B4B9-2B39-4879-BC68-2E4DEC57650D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*", matchCriteriaId: "3E6AADAF-368B-4143-AE49-736A4101D732", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:zookeeper:3.5.4:beta:*:*:*:*:*:*", matchCriteriaId: "C392B5BC-1B19-49CB-B43F-D485EC4DC094", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0F31D7E8-D31D-4268-9ABF-3733915AA226", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4", versionEndExcluding: "19.1.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD", versionEndIncluding: "21.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "3CFFA207-BDA9-4088-890E-99D9A30421D8", versionEndExcluding: "18.1.3.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.", }, { lang: "es", value: "Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. El comando getACL () de ZooKeeper no verifica ningún permiso cuando recupera las ACL del nodo solicitado y devuelve toda la información contenida en el campo Id. De ACL como cadena de texto sin formato. DigestAuthenticationProvider sobrecarga el campo Id con el valor hash que se utiliza para la autenticación del usuario. Como consecuencia, si la autenticación implícita está en uso, el valor hash sin sal será revelado por la solicitud getACL () para usuarios no autenticados o no privilegiados.", }, ], id: "CVE-2019-0201", lastModified: "2024-11-21T04:16:28.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-23T14:29:07.517", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108427", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:4352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/ZOOKEEPER-1392", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Jun/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190619-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4461", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://zookeeper.apache.org/security.html#CVE-2019-0201", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-21 22:15
Modified
2024-11-21 04:32
Severity ?
Summary
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libssh2 | libssh2 | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.1 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*", matchCriteriaId: "D0F2D0AA-AFDD-41A2-8172-EEB203227E5D", versionEndIncluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", }, { lang: "es", value: "En libssh2 versión v1.9.0 y anteriores, la lógica de la función SSH_MSG_DISCONNECT en el archivo packet.c presenta un desbordamiento de enteros en una comprobación de límites, lo que permite a un atacante especificar un desplazamiento arbitrario (fuera de límites) para una lectura de memoria posterior. Un servidor SSH diseñado puede ser capaz de revelar información confidencial o causar una condición de denegación de servicio en el sistema del cliente cuando un usuario conecta con el servidor.", }, ], id: "CVE-2019-17498", lastModified: "2024-11-21T04:32:22.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-21T22:15:10.523", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220909-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220909-0004/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC", versionEndExcluding: "1.0.2r", versionStartIncluding: "1.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*", matchCriteriaId: "4E878102-1EA0-4D83-9F36-955DCF902211", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", matchCriteriaId: "893C0367-DD1A-4754-B9E0-4944344108EC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "C18CA4B5-28FD-4199-B1F0-B1E59E920370", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "EB2FB857-5F1F-46E5-A90C-AFB990BF1660", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", matchCriteriaId: "0A4D418D-B526-46B9-B439-E1963BF88C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", matchCriteriaId: "61D7EF01-F618-497F-9375-8003CEA3D380", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3B5688-0235-4D4F-A26C-440FF24A1B43", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "706316DC-8C24-4D9E-B7B4-F62CB52106B8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "151ED6D1-AA85-4213-8F3A-8167CBEC4721", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "925049D0-082E-4CED-9996-A55620A220CF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "830028B5-9BAF-439C-8166-1053C0CB9836", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "22C64069-68D1-445F-B20D-FD1FF8DB0F71", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "01BC2A57-030F-4A13-B584-BE2627EA3FE7", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9DC86A5F-C793-4848-901F-04BFB57A07F6", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "037C035C-9CFC-4224-8264-6132252D11FD", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FD91F1A1-67F5-4547-848B-21664A9CC685", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "10367A28-787A-4FAB-80AD-ADD67A751732", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "55C2EC23-E78F-4447-BACF-21FC36ABF155", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "46712630-407A-4E61-B62F-3AB156353A1D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "21E18EA5-2210-41B1-87B0-55AB16514FE2", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5D0BD10F-735D-4442-828B-0B90207ABEAD", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CC06609D-C362-4214-8487-2278161B5EAD", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "945A19E8-51EB-42FE-9BF1-12DAC78B5286", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "2008DD47-CC1D-430F-8478-E90617F5F998", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC39F6EE-478A-4638-B97D-3C25FD318F3D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "317C50A2-FE92-4C78-A94A-062274E6A6A8", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "389B6330-3041-4892-97D5-B5A6D9CE1487", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5C556587-6963-49CF-8A2B-00431B386D78", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D748001D-340C-45C4-A2D0-0575538C5CEC", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "B7725810-66D2-4460-A174-9F3BFAD966F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0371EB7C-3D41-4B8C-8FA9-DC6F42442448", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD760FE-4347-4D36-B5C6-4009398060F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FB7588DA-75D3-4374-8871-D92E95509C91", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C95403E8-A078-47E8-9B2F-F572D24C79EF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0585424E-3F74-400E-8199-ED964317F89F", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D7722F39-9B7E-4267-B757-B9570B039323", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", versionEndIncluding: "7.1.0", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "427DA624-2397-4A61-A2ED-23F5C22C174E", versionEndIncluding: "8.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", matchCriteriaId: "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", matchCriteriaId: "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4F2D2745-242C-4603-899E-70C9025BDDD2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", matchCriteriaId: "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B7FD1DA9-7980-4643-B378-7095892DA176", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", matchCriteriaId: "347E9E3E-941C-4109-B59F-B9BB05486B34", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AD661062-0D5B-4671-9D92-FEF8D7395C1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", matchCriteriaId: "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B36CECA5-4545-49C2-92EB-B739407B207F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E7549A-DE35-4274-B3F6-22D51C7A6613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", matchCriteriaId: "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE", versionEndIncluding: "5.6.4", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*", matchCriteriaId: "02630E85-191E-4C58-B81B-4DAF93A26856", versionEndExcluding: "6.0.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", matchCriteriaId: "65D5476E-FBF9-474B-87E1-B6459E52736C", versionEndExcluding: "3.0.0", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "DDD5E877-978C-4A16-B6C5-41A30D020B54", versionEndExcluding: "9.0.0", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E0F04157-FB34-4F22-B328-6BE1F2373DEE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "523CD57C-43D4-4C79-BA00-A9A65C6588E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "C4534CF9-D9FD-4936-9D8C-077387028A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", matchCriteriaId: "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", matchCriteriaId: "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D8EDA23C-7F75-4712-AF3F-B0E3597810B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*", matchCriteriaId: "5D139E52-0528-4D05-8502-1AB9AB10CA9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", matchCriteriaId: "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", matchCriteriaId: "C05190B9-237F-4E2E-91EA-DB1B738864AD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*", matchCriteriaId: "B59717B5-34D5-4C83-904A-884ED30DFC19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "4E28B437-64A8-456C-98A1-4ADF5B6A2F60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*", matchCriteriaId: "2D705705-0D0D-468B-A140-C9A1B7A6CE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", matchCriteriaId: "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*", matchCriteriaId: "DB290045-2140-47EE-9BB4-35BAE8F1599C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*", matchCriteriaId: "83800E2F-804C-485D-A8FA-F4B32CDB4548", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "60BEB1C6-C279-4BB0-972C-BE28A6605C09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9", versionEndIncluding: "5.6.43", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "CA988288-7D0C-4ADE-BE61-484D2D555A8A", versionEndIncluding: "5.7.25", versionStartIncluding: "5.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408", versionEndIncluding: "8.0.15", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "DFBC7A65-3C0B-4B17-B087-250E69EE5B12", versionEndIncluding: "4.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "A443D73A-63BE-4D1F-B605-0F7D20915518", versionEndIncluding: "8.0.14", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "71CD99E7-3FE7-42E2-B480-7AA0E543340E", versionEndIncluding: "8.0.16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", matchCriteriaId: "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*", matchCriteriaId: "62DAD71E-A6D5-4CA9-A016-100F2D5114A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "F457852F-D998-4BCF-99FE-09C6DFC8851A", versionEndExcluding: "7.1.15", versionStartIncluding: "7.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "ACA311D7-0ADC-497A-8A47-5AB864F201DE", versionEndExcluding: "8.0.20", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500", versionEndExcluding: "8.1.8", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1987BB-8F42-48F0-8FE2-70ABD689F434", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "D107EC29-67E7-40C3-8E5A-324C9105C5E4", versionEndIncluding: "6.8.1", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36", versionEndExcluding: "6.17.0", versionStartIncluding: "6.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "74FB695D-2C76-47AB-988E-5629D2E695E5", versionEndIncluding: "8.8.1", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "A94F4836-1873-43F4-916E-9D9B302A053A", versionEndExcluding: "8.15.1", versionStartIncluding: "8.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, { lang: "es", value: "Si una aplicación encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de éstos), posteriormente OpenSLL puede responder de manera diferente a la aplicación llamante si un registro de 0 byte se recibe con un relleno inválido, comparado con si un registro de 0 bytes se recibe con un MAC inválido.", }, ], id: "CVE-2019-1559", lastModified: "2024-11-21T04:36:48.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-27T23:29:00.277", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107174", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { source: "openssl-security@openssl.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K18549143", }, { source: "openssl-security@openssl.org", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3899-1/", }, { source: "openssl-security@openssl.org", tags: [ "Broken Link", ], url: "https://usn.ubuntu.com/4376-2/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-02", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K18549143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3899-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://usn.ubuntu.com/4376-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-03", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-26 04:15
Modified
2024-11-21 05:29
Severity ?
Summary
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://dl.acm.org/doi/10.1145/3372297.3417884 | Technical Description, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20220331-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dl.acm.org/doi/10.1145/3372297.3417884 | Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220331-0003/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CDB8BD32-CDED-49F6-9973-4CE2DC1F79A4", versionEndIncluding: "5.6.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", matchCriteriaId: "280AA828-6FA9-4260-8EC1-019423B966E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "020C93EF-D94B-43CC-9F92-65F046D7EC19", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.", }, { lang: "es", value: "Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El método de asignación de IPID mixto con la política de asignación de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesión TCP de una víctima o terminar esa sesión.", }, ], id: "CVE-2020-36516", lastModified: "2024-11-21T05:29:43.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-26T04:15:06.933", references: [ { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://dl.acm.org/doi/10.1145/3372297.3417884", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220331-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://dl.acm.org/doi/10.1145/3372297.3417884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220331-0003/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 15:15
Modified
2024-11-21 05:01
Severity ?
Summary
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sqlite | sqlite | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | cloud_backup | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| debian | debian_linux | 9.0 | |
| siemens | sinec_infrastructure_network_services | * | |
| apple | icloud | * | |
| apple | itunes | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| oracle | communications_network_charging_and_control | * | |
| oracle | communications_network_charging_and_control | 6.0.1 | |
| oracle | outside_in_technology | 8.5.4 | |
| oracle | outside_in_technology | 8.5.5 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", matchCriteriaId: "7B0C3C64-D3B1-4B06-B792-F2E07743D0FE", versionEndExcluding: "3.32.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709", versionEndExcluding: "11.5", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", matchCriteriaId: "82AF1567-8217-464E-896E-874EBB0FE463", versionEndExcluding: "12.10.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "10CC9ED4-9AE1-415A-94FF-60CB209506CA", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "F2EE75CC-3796-416A-9E58-64788BB89240", versionEndExcluding: "11.0.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "C117BCCF-7789-40BB-AD25-1E712F6DCF7C", versionEndExcluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*", matchCriteriaId: "72F1A960-EBA5-4BDB-B629-20F0D2384562", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*", matchCriteriaId: "3198F822-43F8-4CB3-97F7-C2982FDA5CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.", }, { lang: "es", value: "El archivo ext/fts3/fts3.c en SQLite versiones anteriores a la versión 3.32.0, tiene un uso de la memoria previamente liberada en la función fts3EvalNextRow, relacionado con la funcionalidad snippet.", }, ], id: "CVE-2020-13630", lastModified: "2024-11-21T05:01:38.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T15:15:12.867", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://sqlite.org/src/info/0d69f76f0865f962", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211843", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211844", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211850", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211935", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211952", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://sqlite.org/src/info/0d69f76f0865f962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-18 18:15
Modified
2024-11-21 05:00
Severity ?
Summary
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F4679B03-664B-40B0-91D8-597E13ED6B42", versionEndIncluding: "5.6.13", versionStartIncluding: "3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.", }, { lang: "es", value: "En la función gadget_dev_desc_UDC_store en el archivo drivers/usb/gadget/configfs.c en el kernel de Linux versión 3.16 hasta la versión 5.6.13, se basa en kstrdup sin considerar la posibilidad de un valor \"\\0\" interno, lo que permite a atacantes desencadenar una lectura fuera de límites, también se conoce como CID-15753588bcd4", }, ], id: "CVE-2020-13143", lastModified: "2024-11-21T05:00:44.170", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-18T18:15:11.347", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4411-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4412-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4413-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-usb/msg194331.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=d126cf46f829d146dde3e6a8963e095ac6cfcd1c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15753588bcd4bbffae1cca33c8ced5722477fe1f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4411-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4412-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4413-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4414-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4419-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4698", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.spinics.net/lists/linux-usb/msg194331.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-07 14:29
Modified
2024-11-21 04:02
Severity ?
Summary
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E21EF678-8293-4EB3-BEA1-B35262A1C235", versionEndExcluding: "3.16.72", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "458642C9-EADA-40E1-BBD4-F93D0220E4BD", versionEndExcluding: "3.18.140", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7DF4B1-8B78-42F2-A108-584CA5F8DBF5", versionEndExcluding: "4.4.180", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9A08496C-3120-48ED-B9B6-180169E0EA86", versionEndExcluding: "4.9.175", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "64B07173-A2F3-4A68-AD8A-EB01E3580532", versionEndExcluding: "4.14.118", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "BD5E80B1-CDA7-409E-8729-298910620147", versionEndExcluding: "4.19.42", versionStartIncluding: "4.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BD2438E2-0693-45E0-998E-0E9010525E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "345A90A9-6F29-4620-AA13-D54F9C6D2617", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "13270F58-E106-48CE-9933-E68AABBBFC21", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, { lang: "es", value: "Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria.", }, ], id: "CVE-2018-20836", lastModified: "2024-11-21T04:02:16.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-07T14:29:00.303", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108196", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K11225249", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4076-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K11225249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4076-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4497", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-25 15:15
Modified
2024-11-21 06:41
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_volumes_ontap_mediator | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | storagegrid | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B2A2E0DA-9949-495C-AC30-A21F364D71E1", versionEndIncluding: "4.19", versionStartIncluding: "4.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*", matchCriteriaId: "280AA828-6FA9-4260-8EC1-019423B966E1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF", versionEndIncluding: "11.70.2", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.", }, { lang: "es", value: "Se ha detectado un problema en el Kernel de Linux de la 4.18 a 4.19, una actualización inapropiada de la referencia sock en el paso TCP puede conllevar a una pérdida de memoria/netns, que puede ser usada por clientes remotos", }, ], id: "CVE-2022-1678", lastModified: "2024-11-21T06:41:14.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security@openanolis.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-25T15:15:07.887", references: [ { source: "security@openanolis.org", tags: [ "Third Party Advisory", ], url: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", }, { source: "security@openanolis.org", tags: [ "Third Party Advisory", ], url: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", }, { source: "security@openanolis.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", }, { source: "security@openanolis.org", tags: [ "Permissions Required", ], url: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", }, { source: "security@openanolis.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", }, { source: "security@openanolis.org", url: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/", }, { source: "security@openanolis.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220715-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://anas.openanolis.cn/cves/detail/CVE-2022-1678", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://anas.openanolis.cn/errata/detail/ANSA-2022:0143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.openanolis.cn/show_bug.cgi?id=61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://gitee.com/anolis/cloud-kernel/commit/bed537da691b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/0a70f118475e037732557796accd0878a00fc25a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing%40gmail.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220715-0001/", }, ], sourceIdentifier: "security@openanolis.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-911", }, ], source: "security@openanolis.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-22 22:15
Modified
2024-11-21 06:02
Severity ?
Summary
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update291:*:*:*:*:*:*", matchCriteriaId: "CC7644D5-EEA1-4FA8-8F5E-9C476DACF956", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update281:*:*:*:*:*:*", matchCriteriaId: "3484EAC9-2F68-4952-8F0B-D1B83B5956CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*", matchCriteriaId: "5FCE2C42-BFFB-4E1E-9E37-07F334BA3C12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*", matchCriteriaId: "16BDD043-0138-4F9E-A369-B1AA779CA4C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jre:1.8.0:update281:*:*:*:*:*:*", matchCriteriaId: "6DFA7B46-AA37-4943-81A1-DF8C7F2CB038", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "058C7C4B-D692-49DE-924A-C2725A8162D3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "0F0434A5-F2A1-4973-917C-A95F2ABE97D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "96DD93E0-274E-4C36-99F3-EEF085E57655", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "C5344C25-BD71-4228-903F-E419A4455F5F", versionEndIncluding: "11.0.10", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "4D1453F5-ABB5-48F8-9C1C-69EEEE3949A5", versionEndIncluding: "13.0.6", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "8602555C-1C07-4A4C-8DBB-5D304366A7E7", versionEndIncluding: "15.0.2", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*", matchCriteriaId: "DCFB65CD-98D5-4024-86CF-130D70DC5A5F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5", versionEndExcluding: "5.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*", matchCriteriaId: "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*", matchCriteriaId: "7B00DDE7-7002-45BE-8EDE-65D964922CB0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*", matchCriteriaId: "DB88C165-BB24-49FB-AAF6-087A766D5AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*", matchCriteriaId: "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*", matchCriteriaId: "7DE847E0-431D-497D-9C57-C4E59749F6A0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*", matchCriteriaId: "46385384-5561-40AA-9FDE-A2DE4FDFAD3E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*", matchCriteriaId: "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*", matchCriteriaId: "9E4E5481-1070-4E1F-8679-1985DE4E785A", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*", matchCriteriaId: "D9EEA681-67FF-43B3-8610-0FA17FD279E5", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*", matchCriteriaId: "C33BA8EA-793D-4E79-BE9C-235ACE717216", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*", matchCriteriaId: "823DBE80-CB8D-4981-AE7C-28F3FDD40451", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Java SE: 7u291, 8u281, 11.0.10, 16; Java SE integrado: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 y 21.0.0.2. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o todos los datos accesibles de Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a las implementaciones de Java que cargan y ejecutan código que no es confiable (p. Ej., código que proviene de Internet) y confía en el sandbox de Java para la seguridad. También puede ser explotado proporcionando datos no confiables a las API en el Componente especificado. CVSS 3.1 Puntuación Base 5.9 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)", }, ], id: "CVE-2021-2161", lastModified: "2024-11-21T06:02:30.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, ], }, published: "2021-04-22T22:15:13.037", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { source: "secalert_us@oracle.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-05", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202209-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210513-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4899", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2021.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.5 | |
| oracle | graalvm | 21.3.1 | |
| oracle | graalvm | 22.0.0.2 | |
| oracle | java_se | 7u331 | |
| oracle | java_se | 8u321 | |
| oracle | java_se | 11.0.14 | |
| oracle | java_se | 17.0.2 | |
| oracle | java_se | 18 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | e-series_santricity_os_controller | * | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_web_services | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | santricity_unified_manager | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| debian | debian_linux | 9.0 | |
| azul | zulu | 6.45 | |
| azul | zulu | 7.52 | |
| azul | zulu | 8.60 | |
| azul | zulu | 11.54 | |
| azul | zulu | 13.46 | |
| azul | zulu | 15.38 | |
| azul | zulu | 17.32 | |
| azul | zulu | 18.28 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*", matchCriteriaId: "C15F860C-6B33-4950-B443-E2A7D4639573", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*", matchCriteriaId: "696E27A2-34A2-49A8-BEF4-61718D11DD2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "00AC1B6D-9156-40A3-B606-845CCC33D724", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*", matchCriteriaId: "022EC03C-1574-4421-9AB7-0EEF0D089322", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*", matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*", matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)", }, ], id: "CVE-2022-21496", lastModified: "2024-11-21T06:44:50.123", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-19T21:15:18.497", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "secalert_us@oracle.com", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4208-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20191205-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4208-1/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "316A2191-9BA1-4C58-A61C-29F91E2CF3B7", versionEndExcluding: "5.3.9", versionStartIncluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc1:*:*:*:*:*:*", matchCriteriaId: "AD561918-619D-4363-8330-53B4B903D2CE", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc2:*:*:*:*:*:*", matchCriteriaId: "DCF307A4-6CF2-43FA-94E5-2EBB1033634B", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.4:rc3:*:*:*:*:*:*", matchCriteriaId: "72D64137-DAA7-40C0-8BAD-9DBCB285BC00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD1E9594-C46F-40D1-8BC2-6B16635B55C4", versionEndIncluding: "11.60.3", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "952F55C9-7E7C-4539-9D08-E736B3488569", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "9FED1B0D-F901-413A-85D9-05D4C427570D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89706810-031B-49F0-B353-FD27FD7B2776", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8300:-:*:*:*:*:*:*:*", matchCriteriaId: "03BCC59D-C782-4149-B6DC-5DDAFAB48F2D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD1E822-1EA6-4E62-A58B-2378149D20DC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas8700:-:*:*:*:*:*:*:*", matchCriteriaId: "E07EAE5F-B1B5-4FDA-9B50-8CB1D2AFC5A0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.", }, { lang: "es", value: "Una pérdida de memoria en la función fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función dma_get_sgtable(), también se conoce como CID-fc739a058d99.", }, ], id: "CVE-2019-19069", lastModified: "2024-11-21T04:34:07.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.920", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-29 13:15
Modified
2024-11-21 04:58
Severity ?
Summary
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6", versionEndExcluding: "4.19.119", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0ABDE4F3-29C6-459E-B0B7-751B93447AF0", versionEndExcluding: "5.4.36", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D62C084A-6676-40AF-868A-D90CDFAB7DDD", versionEndExcluding: "5.6.8", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.", }, { lang: "es", value: "En el kernel de Linux versión 4.9 hasta la versión 5.6.7, en la plataforma s390, una ejecución de código puede presentarse debido a una condición de carrera, como es demostrado por el código en la función enable_sacf_uaccess en el archivo arch/s390/lib/uaccess.c que presenta un fallo al proteger contra una actualización concurrente de la tabla de página, también se conoce como CID-3f777e19d171. Tambíen podría ocurrir un bloqueo", }, ], id: "CVE-2020-11884", lastModified: "2024-11-21T04:58:49.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-29T13:15:11.647", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4342-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4343-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4345-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=215d1f3928713d6eaec67244bcda72105b898000", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f777e19d171670ab558a6d5e6b1ac7f9b6c574f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQUVKC3IPUC5B374VVAZV4J5P3GAUGSW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKVJMS4GQRH5SO35WM5GINCFAGXQ3ZW6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4342-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4343-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4345-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4667", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-04 15:15
Modified
2024-11-21 05:27
Severity ?
Summary
There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1911691 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202107-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210212-0007/ | Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", matchCriteriaId: "7FF09EA1-994B-4950-B853-1FB4F936A162", versionEndExcluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "390BCCEF-BD91-426B-B89C-D9371A02FA9C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.", }, { lang: "es", value: "Se presenta un fallo en bfd_pef_parse_function_stubs de bfd/pef.c en binutils en versiones anteriores a la 2.34 que podría permitir a un atacante que sea capaz de enviar un archivo crafteado para ser procesado por objdump causar una desviación de puntero NULL. La mayor amenaza de este defecto es la disponibilidad de la aplicación", }, ], id: "CVE-2020-35507", lastModified: "2024-11-21T05:27:27.300", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-01-04T15:15:15.200", references: [ { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1911691", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210212-0007/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-28 07:15
Modified
2024-11-21 05:23
Severity ?
Summary
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C71BFD4A-2DEA-4D11-9377-844917036DA6", versionEndExcluding: "5.4.54", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1F1EFE18-1606-441B-B25C-6A6DF5D9153A", versionEndExcluding: "5.7.11", versionStartIncluding: "5.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.", }, { lang: "es", value: "Se detectó un problema en el archivo mm/mmap.c en el kernel de Linux versiones anteriores a 5.7.11. Se presenta una condición de carrera entre determinadas funciones expand (expand_downwards y expand_upwards) y operaciones de liberación de page-table de una llamada munmap, también se conoce como CID-246c320a8cfe", }, ], id: "CVE-2020-29369", lastModified: "2024-11-21T05:23:55.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-28T07:15:11.537", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/10/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/8", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/19/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2056", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210115-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", matchCriteriaId: "9A702C04-FA3B-4A88-8354-D7683A3329C1", versionEndExcluding: "7.74.0", versionStartIncluding: "7.41.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4BC4299D-05D3-4875-BC79-C3DC02C88ECE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E97851-4DFF-4852-A339-183331F4ACBC", versionEndExcluding: "10.14.6", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "DB8A73F8-3074-4B32-B9F6-343B6B1988C5", versionEndExcluding: "10.15.7", versionStartIncluding: "10.15", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "26108BEF-0847-4AB0-BD98-35344DFA7835", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "0FD3467D-7679-479F-9C0B-A93F7CD0929D", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", matchCriteriaId: "D4C6098E-EDBD-4A85-8282-B2E9D9333872", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", matchCriteriaId: "518BB47B-DD76-4E8C-9F10-7EBC1E146191", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", matchCriteriaId: "63940A55-D851-46EB-9668-D82BEFC1FE95", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", matchCriteriaId: "68C7A97A-3801-44FA-96CA-10298FA39883", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", matchCriteriaId: "6D69914D-46C7-4A0E-A075-C863C1692D33", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", matchCriteriaId: "9CDB4476-B521-43E4-A129-8718A8E0A8CD", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*", matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", matchCriteriaId: "C1C795B9-E58D-467C-83A8-2D45C792292F", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "4E699CCC-31F5-458E-A59C-79B3AF143747", versionEndExcluding: "11.3", versionStartIncluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0BF5425F-6AC5-496F-B8BD-1C0BF5D04D1F", versionEndIncluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "AEFDF765-44F4-45CB-8A28-FD7D355310DA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E39D442D-1997-49AF-8B02-5640BE2A26CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*", matchCriteriaId: "394A16F2-CCD4-44E5-BF6B-E0C782A9FA38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", }, { lang: "es", value: "curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP", }, ], id: "CVE-2020-8286", lastModified: "2024-11-21T05:38:39.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T20:15:14.043", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/50", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/54", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "support@hackerone.com", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8286.html", }, { source: "support@hackerone.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1048457", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/50", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/51", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Apr/54", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://curl.se/docs/CVE-2020-8286.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://hackerone.com/reports/1048457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202012-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210122-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-05 21:15
Modified
2024-11-21 05:59
Severity ?
Summary
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | cloud_backup | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node_firmware | - | |
| netapp | hci_storage_node | - | |
| oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
| oracle | zfs_storage_appliance | 8.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "7974AA7F-3FC7-437C-80C4-8581BC18F883", versionEndExcluding: "8.5", versionStartIncluding: "8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4BC4299D-05D3-4875-BC79-C3DC02C88ECE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "49ACFC73-A509-4D1C-8FC3-F68F495AB055", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:zfs_storage_appliance:8.8:*:*:*:*:*:*:*", matchCriteriaId: "18096778-19E1-434F-BD96-A9FBF11A8C81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.", }, { lang: "es", value: "ssh-agent en OpenSSH versiones anteriores a 8.5, presenta una doble liberación que puede ser relevante en algunos escenarios menos comunes, como el acceso sin restricciones al socket del agente en un sistema operativo heredado o el reenvío de un agente a un host controlado por el atacante", }, ], id: "CVE-2021-28041", lastModified: "2024-11-21T05:59:01.940", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-05T21:15:13.200", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-35", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0002/", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://www.openssh.com/security.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.openssh.com/txt/release-8.5", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/03/03/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQWGII3LQR4AOTPPFXGMTYE7UDEWIUKI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXST2CML2MWY3PNVUXX7FFJE3ATJMNVZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210416-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://www.openssh.com/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.openssh.com/txt/release-8.5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/03/03/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1553301 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1553301 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0009/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_compute_node | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "847EB547-3EB5-4A0C-83DF-D9EFE7FA8B89", versionEndExcluding: "7.83.1", versionStartIncluding: "7.82.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.", }, { lang: "es", value: "libcurl permite erróneamente que se establezcan cookies para Dominios de Alto Nivel (TLDs) si el nombre de host es proporcionado con un punto al final. curl puede recibir y enviar cookies. \"cookie engine\" de curl puede construirse con o sin conocimiento de la [Lista de Sufijos Públicos] (https://publicsuffix.org/). Si no es proporcionado soporte de PSL, se presenta una comprobación más rudimentaria para al menos evitar que sean establecidas cookies en los TLD. Esta comprobación no funcionaba si el nombre del host en la URL usaba un punto al final, lo que podía permitir que sitios arbitrarios establecieran cookies que sean enviadas a un sitio o dominio diferente y no relacionado", }, ], id: "CVE-2022-27779", lastModified: "2024-11-21T06:56:10.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:44.093", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553301", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1553301", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0009/", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-201", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "EB2904AC-AD7A-498D-8619-CBB421E9165D", versionEndIncluding: "5.3.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.", }, { lang: "es", value: "Una pérdida de memoria en la función cx23888_ir_probe() en el archivo drivers/media/pci/cx23885/cx23888-ir.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función de kfifo_alloc(), también se conoce como CID-a7b2df76b42b.", }, ], id: "CVE-2019-19054", lastModified: "2024-11-21T04:34:05.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.7, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:11.967", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4525-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4527-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/a7b2df76b42bdd026e3106cf2ba97db41345a177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4525-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4526-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4527-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-09 21:15
Modified
2024-11-21 05:00
Severity ?
Summary
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_backup | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h610c_firmware | - | |
| netapp | h610c | - | |
| netapp | h610s_firmware | - | |
| netapp | h610s | - | |
| netapp | h615c_firmware | - | |
| netapp | h615c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "816D2241-78E2-4919-9B29-C2CF0F6BDB67", versionEndExcluding: "5.4.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.", }, { lang: "es", value: "Se detectó un problema en el kernel de Linux versiones anteriores a 5.4.17. El archivo drivers/spi/spi-dw.c, permite a atacantes causar un pánico por medio de llamadas concurrentes a las funciones dw_spi_irq y dw_spi_transfer_one, también se conoce como CID-19b61392c5a8.", }, ], id: "CVE-2020-12769", lastModified: "2024-11-21T05:00:15.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-09T21:15:11.100", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Patch", "Technical Description", ], url: "https://lkml.org/lkml/2020/2/3/559", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4391-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19b61392c5a852b4e8a0bf35aecb969983c5932d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Technical Description", ], url: "https://lkml.org/lkml/2020/2/3/559", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4391-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-662", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-13 20:15
Modified
2024-11-21 05:18
Severity ?
Summary
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| linux | linux_kernel | 5.9.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| netapp | hci_compute_node_bios | - | |
| netapp | hci_compute_node | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C9CA5EDA-9CA4-49FA-AF86-7B150825868E", versionEndExcluding: "5.9.0", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:-:*:*:*:*:*:*", matchCriteriaId: "B2C150C3-165E-42D6-80D4-87B11340B08C", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc1:*:*:*:*:*:*", matchCriteriaId: "21F51360-AF61-433B-9FD9-D7DE742FABF9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc2:*:*:*:*:*:*", matchCriteriaId: "AFF43A64-F1B2-49B5-9B1A-3C5287E30CC7", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc3:*:*:*:*:*:*", matchCriteriaId: "7CD5DFA0-15FB-44C2-8C2F-DCABACB998B7", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc4:*:*:*:*:*:*", matchCriteriaId: "DEA3DDD5-5114-44C0-8805-0A0579BB0034", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc5:*:*:*:*:*:*", matchCriteriaId: "573B49F4-C6E1-4032-B46F-70506FE98562", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:5.9.0:rc6:*:*:*:*:*:*", matchCriteriaId: "78F80706-7471-472D-B9A8-ABDB3C714B4B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", matchCriteriaId: "7C61DF9A-ABDE-44A2-A060-B088428D5064", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.", }, { lang: "es", value: "Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.9-rc7. El tráfico entre dos endpoints Geneve puede no estar cifrado cuando IPsec está configurado para cifrar el tráfico para el puerto UDP específico usado por el túnel GENEVE, permitiendo a cualquier persona entre los dos endpoints leer el tráfico sin cifrar. La principal amenaza de esta vulnerabilidad es la confidencialidad de los datos", }, ], id: "CVE-2020-25645", lastModified: "2024-11-21T05:18:19.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-10-13T20:15:12.570", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201103-0004/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4774", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1883988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20201103-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4774", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-319", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-319", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-07 21:15
Modified
2024-11-21 07:00
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Summary
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| emo@eclipse.org | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch, Third Party Advisory | |
| emo@eclipse.org | https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List, Third Party Advisory | |
| emo@eclipse.org | https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory | |
| emo@eclipse.org | https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220901-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5198 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| eclipse | jetty | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | element_plug-in_for_vcenter_server | - | |
| netapp | management_services_for_element_software_and_netapp_hci | - | |
| netapp | snapcenter | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "0E883CFA-BABF-43AF-9E8E-216396CAC69F", versionEndExcluding: "9.4.46", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "DB90B12D-86AF-4A9F-8C44-0213FA056919", versionEndExcluding: "10.0.9", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", matchCriteriaId: "4A594F05-BB45-497C-ADF2-2568B3989C65", versionEndIncluding: "11.0.9", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*", matchCriteriaId: "214712B6-59AF-4B5E-84BF-AF3C74A390EA", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", matchCriteriaId: "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.", }, { lang: "es", value: "En Eclipse Jetty versiones 9.4.0 hasta 9.4.46, y 10.0.0 hasta 10.0.9, y 11.0.0 hasta 11.0.9, el análisis sintáctico del segmento de autoridad de un URI de esquema http, la clase Jetty HttpURI detecta inapropiadamente una entrada no válida como nombre de host. Esto puede conllevar a fallos en un escenario Proxy", }, ], id: "CVE-2022-2047", lastModified: "2024-11-21T07:00:13.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-07T21:15:10.093", references: [ { source: "emo@eclipse.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { source: "emo@eclipse.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { source: "emo@eclipse.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220901-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5198", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-02 14:15
Modified
2024-11-21 06:56
Severity ?
Summary
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| support@hackerone.com | https://hackerone.com/reports/1546268 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| support@hackerone.com | https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory | |
| support@hackerone.com | https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1546268 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202212-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0008/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5197 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| debian | debian_linux | 11.0 | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | clustered_data_ontap | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | solidfire_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "8D455004-7BE1-4033-926B-E5DBF39925FE", versionEndIncluding: "7.82.0", versionStartIncluding: "7.65.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información en curl versiones 7.65.0 a 7.82.0, son vulnerables que al usar una dirección IPv6 que estaba en el pool de conexiones pero con un id de zona diferente podría reusar una conexión en su lugar", }, ], id: "CVE-2022-27775", lastModified: "2024-11-21T06:56:09.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-02T14:15:43.510", references: [ { source: "support@hackerone.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1546268", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://hackerone.com/reports/1546268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5197", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-25 02:15
Modified
2024-11-21 06:32
Severity ?
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "DD89F539-A702-48B0-BFD3-7AC4E4A0A41C", versionEndExcluding: "5.13.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "A2EBD848-26BA-4EF6-81C8-83B6DFFC75DB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "05BEB6DA-10B8-43D8-A527-68E26F4875CE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9955F62A-75D3-4347-9AD3-5947FC365838", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A5753F36-9BB4-47FF-806C-D1C77E8AD0F0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:*:*:*:*:*:*:*", matchCriteriaId: "BA68733C-FB68-4230-B237-C99AC979AD90", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "299AD352-A486-44A7-8507-FB3C3311BB37", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fabric-attached_storage_8300:-:*:*:*:*:*:*:*", matchCriteriaId: "43E89C80-A70B-48A3-A076-D9F031C25D1C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2A0F881B-5A23-42F7-8A6B-02BDD10A74DA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:*:*:*:*:*:*:*", matchCriteriaId: "049791FD-C7CE-43E0-8B7B-363B49B40D4A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AE584D20-5B46-42B9-B87D-5F4771CED73F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fabric-attached_storage_8700:-:*:*:*:*:*:*:*", matchCriteriaId: "DF9B5939-68D6-47E1-AFCA-F709F46136C6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56FD9B9A-BBE5-4CA5-B9F9-B16E1FE738C8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "F3E70A56-DBA8-45C7-8C49-1A036501156F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0BA5679F-B7F4-482B-92B3-52121124829F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*", matchCriteriaId: "02F063AC-FC82-45E4-A977-243FB3569904", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "89612649-BACF-4FAC-9BA4-324724FD93A6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*", matchCriteriaId: "F3D9B255-C1AF-42D1-BF9B-13642FBDC080", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*", matchCriteriaId: "F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5921A877-18BF-43FE-915C-D226E140ACFC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*", matchCriteriaId: "7296A1F2-D315-4FD5-8A73-65C480C855BE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.", }, { lang: "es", value: "En la implementación de IPv6 en el kernel de Linux versiones anteriores a 5.13.3, el archivo net/ipv6/output_core.c presenta un filtrado de información debido a determinado uso de una tabla hash que, aunque es grande, no considera apropiadamente que atacantes basados en IPv6 pueden elegir típicamente entre muchas direcciones de origen IPv6", }, ], id: "CVE-2021-45485", lastModified: "2024-11-21T06:32:18.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-25T02:15:06.667", references: [ { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-23 14:15
Modified
2024-11-21 07:10
Severity ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| apple | macos | * | |
| apple | macos | * | |
| debian | debian_linux | 10.0 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", matchCriteriaId: "B7B9B38C-6728-408E-93C9-98C042DA9DD3", versionEndExcluding: "7.85.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "4D13504E-ABCF-4E6F-8984-EADB123DFDD2", versionEndExcluding: "11.7.3", versionStartIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "C71359B9-7DCE-4F45-B03F-77CF313A74EA", versionEndExcluding: "12.6.3", versionStartIncluding: "12.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "5722E753-75DE-4944-A11B-556CB299B57D", versionEndExcluding: "8.2.12", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", matchCriteriaId: "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", versionEndExcluding: "9.0.6", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", }, { lang: "es", value: "Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando códigos de control que cuando son enviados de vuelta a un servidor HTTP podrían hacer que el servidor devolviera respuestas 400. En efecto, permite que un \"sitio hermano\" deniegue el servicio a todos los hermanos.", }, ], id: "CVE-2022-35252", lastModified: "2024-11-21T07:10:58.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-23T14:15:12.323", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Jan/20", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Jan/21", }, { source: "support@hackerone.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1613943", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0005/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213603", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Jan/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Jan/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://hackerone.com/reports/1613943", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220930-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT213604", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-24 14:15
Modified
2024-11-21 05:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openssh | * | |
| openbsd | openssh | 8.3 | |
| openbsd | openssh | 8.3 | |
| netapp | a700s_firmware | - | |
| netapp | a700s | - | |
| netapp | active_iq_unified_manager | * | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_node | - | |
| broadcom | fabric_operating_system | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", matchCriteriaId: "4BF43EA3-A7C8-404B-B61C-856BA5A45F47", versionEndExcluding: "8.3", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.3:-:*:*:*:*:*:*", matchCriteriaId: "BE31BDF5-E836-4783-842C-79A9F4B384E5", vulnerable: true, }, { criteria: "cpe:2.3:a:openbsd:openssh:8.3:p1:*:*:*:*:*:*", matchCriteriaId: "7AF2FAD7-B7B8-4D8E-8BCD-EB7325C2328E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FDD92BFA-9117-4E6E-A13F-ED064B4B7284", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*", matchCriteriaId: "4B7DA42F-5D64-4967-A2D4-6210FE507841", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "046FB51E-B768-44D3-AEB5-D857145CA840", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"", }, { lang: "es", value: "** EN DISPUTA ** scp en OpenSSH versiones hasta 8.3p1 permite una inyección de comandos en la función toremote de scp.c, como lo demuestran los caracteres backtick en el argumento de destino. NOTA: según se informa, el proveedor ha declarado que omite intencionadamente la validación de las \"transferencias de argumentos anómalos\" porque eso podría \"tener grandes posibilidades de romper los flujos de trabajo existentes\"", }, ], id: "CVE-2020-15778", lastModified: "2024-11-21T05:06:09.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-07-24T14:15:12.450", references: [ { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2024:3166", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cpandya2909/CVE-2020-15778/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=25005567", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200731-0007/", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.openssh.com/security.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:3166", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cpandya2909/CVE-2020-15778/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://news.ycombinator.com/item?id=25005567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202212-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200731-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssh.com/security.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-27 15:15
Modified
2024-11-21 05:01
Severity ?
Summary
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sqlite | sqlite | * | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| netapp | cloud_backup | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - | |
| brocade | fabric_operating_system | - | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| siemens | sinec_infrastructure_network_services | * | |
| apple | icloud | * | |
| apple | itunes | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| oracle | communications_network_charging_and_control | * | |
| oracle | communications_network_charging_and_control | 6.0.1 | |
| oracle | outside_in_technology | 8.5.4 | |
| oracle | outside_in_technology | 8.5.5 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:*", matchCriteriaId: "7B0C3C64-D3B1-4B06-B792-F2E07743D0FE", versionEndExcluding: "3.32.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:brocade:fabric_operating_system:-:*:*:*:*:*:*:*", matchCriteriaId: "41CD1160-B681-41EF-9EB4-06CE0F53C501", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", matchCriteriaId: "B0F46497-4AB0-49A7-9453-CC26837BF253", versionEndExcluding: "1.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", matchCriteriaId: "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709", versionEndExcluding: "11.5", vulnerable: true, }, { criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", matchCriteriaId: "82AF1567-8217-464E-896E-874EBB0FE463", versionEndExcluding: "12.10.9", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", matchCriteriaId: "10CC9ED4-9AE1-415A-94FF-60CB209506CA", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", matchCriteriaId: "16AF4D2F-3C55-4DCC-A253-3F8CB4F453EF", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", matchCriteriaId: "F2EE75CC-3796-416A-9E58-64788BB89240", versionEndExcluding: "11.0.1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", matchCriteriaId: "0D16EC4D-D2E7-476D-BFBC-3703C8F0B45E", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", matchCriteriaId: "C117BCCF-7789-40BB-AD25-1E712F6DCF7C", versionEndExcluding: "7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A", versionEndIncluding: "12.0.3", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "ECC00750-1DBF-401F-886E-E0E65A277409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*", matchCriteriaId: "72F1A960-EBA5-4BDB-B629-20F0D2384562", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*", matchCriteriaId: "3198F822-43F8-4CB3-97F7-C2982FDA5CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.", }, { lang: "es", value: "SQLite versiones anteriores a la versión 3.32.0, permite que una tabla virtual sea renombrada con el nombre de una de sus tablas shadow, relacionada con los archivos alter.c y build.c.", }, ], id: "CVE-2020-13631", lastModified: "2024-11-21T05:01:38.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-27T15:15:12.947", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211843", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211844", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211850", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211935", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211952", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Dec/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Nov/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200608-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://sqlite.org/src/info/eca0ba2cf4c0fdf7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211843", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211844", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://support.apple.com/kb/HT211952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://usn.ubuntu.com/4394-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:22
Severity ?
Summary
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "037A6DFB-B41D-4CC7-86C1-A201809B79C4", versionEndExcluding: "5.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.", }, { lang: "es", value: "Se observó un problema de carrera en el la función vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de límites en vt ya que el acceso de escritura a vc_mode no está protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos", }, ], id: "CVE-2021-3753", lastModified: "2024-11-21T06:22:20.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 1.9, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-16T19:15:08.647", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999589", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0003/", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/09/01/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221028-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2021/09/01/4", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*", matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*", matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*", matchCriteriaId: "AC99AA10-93C5-4B27-A991-FD29496FDF1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*", matchCriteriaId: "C66D72B5-055F-45BD-AD02-C5E086AB5B63", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*", matchCriteriaId: "681BFE5C-6F33-4084-8F0D-2DD573782004", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A29CF53D-7DDC-4B60-8232-6C173083101F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*", matchCriteriaId: "FBA091EC-B5A9-468D-B99C-BB6F333E7B64", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*", matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*", matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*", matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*", matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*", matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C", vulnerable: true, }, { criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*", matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "9C0D3169-24B4-4733-BD40-59D0BB5DAC13", versionEndIncluding: "11.0.14", versionStartIncluding: "11", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "D1D003C0-042E-4126-AEDA-F85863FEAB45", versionEndIncluding: "13.0.10", versionStartIncluding: "13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "EC2C87EC-6234-482F-B597-962E3C52D01B", versionEndIncluding: "15.0.6", versionStartIncluding: "15", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", matchCriteriaId: "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD", versionEndIncluding: "17.0.2", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*", matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*", matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*", matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*", matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*", matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*", matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*", matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*", matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*", matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*", matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*", matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*", matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*", matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*", matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*", matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*", matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*", matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*", matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*", matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*", matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*", matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*", matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*", matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*", matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*", matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*", matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*", matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*", matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*", matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*", matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*", matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*", matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*", matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*", matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*", matchCriteriaId: "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*", matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*", matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*", matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*", matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*", matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*", matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*", matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*", matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*", matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*", matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*", matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*", matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*", matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*", matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*", matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*", matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*", matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*", matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*", matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*", matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*", matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)", }, ], id: "CVE-2022-21476", lastModified: "2024-11-21T06:44:47.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert_us@oracle.com", type: "Secondary", }, ], }, published: "2022-04-19T21:15:17.503", references: [ { source: "secalert_us@oracle.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220429-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4C85356F-2C6C-4FB9-B0CA-949711182223", versionEndExcluding: "5.13.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.", }, { lang: "es", value: "btrfs en el kernel de Linux versiones anteriores a 5.13.4, permite a atacantes causar una denegación de servicio (bloqueo) por medio de procesos que desencadenan la asignación de nuevos trozos del sistema durante los momentos en que hay una escasez de espacio libre en el space_info del sistema", }, ], id: "CVE-2021-38203", lastModified: "2024-11-21T06:16:39.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-08T20:15:07.217", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/1cb3db1cf383a3c7dbda1aa0ce748b0958759947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-08 16:15
Modified
2024-11-21 04:44
Severity ?
7.5 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| e2fsprogs_project | e2fsprogs | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.1 | |
| netapp | hci_compute_node_firmware | - | |
| netapp | hci_compute_node | - | |
| netapp | solidfire\,_enterprise_sds_\&_hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:e2fsprogs_project:e2fsprogs:*:*:*:*:*:*:*:*", matchCriteriaId: "27544A8B-C500-4388-AF65-B3027E229DC5", versionEndIncluding: "1.45.4", versionStartIncluding: "1.43.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código en la funcionalidad directory rehashing de E2fsprogs e2fsck versión 1.45.4. Un directorio ext4 especialmente diseñado puede causar una escritura fuera de límites en la pila, resultando en una ejecución de código. Un atacante puede corromper una partición para desencadenar esta vulnerabilidad.", }, ], id: "CVE-2019-5188", lastModified: "2024-11-21T04:44:31.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 6, source: "talos-cna@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-08T16:15:11.500", references: [ { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", }, { source: "talos-cna@cisco.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", }, { source: "talos-cna@cisco.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220506-0001/", }, { source: "talos-cna@cisco.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", }, { source: "talos-cna@cisco.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4249-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220506-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4249-1/", }, ], sourceIdentifier: "talos-cna@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "talos-cna@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4C85356F-2C6C-4FB9-B0CA-949711182223", versionEndExcluding: "5.13.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is being used for nfsd.", }, { lang: "es", value: "El archivo fs/nfsd/trace.h en el kernel de Linux versiones anteriores a 5.13.4, podría permitir a atacantes remotos causar una denegación de servicio (lectura fuera de los límites en strlen) mediante el envío de tráfico NFS cuando el marco de eventos de rastreo se está usando para nfsd", }, ], id: "CVE-2021-38202", lastModified: "2024-11-21T06:16:38.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-08T20:15:07.180", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/7b08cf62b1239a4322427d677ea9363f0ab677c6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
Severity ?
Summary
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | gnutls | * | |
| redhat | enterprise_linux | 8.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | solidfire_\&_hci_management_node | - | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", matchCriteriaId: "D7F5A2FE-408A-4E36-BC95-40E502C06682", versionEndExcluding: "3.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "84574629-EB00-4235-8962-45070F3C9F6A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", }, { lang: "es", value: "Se ha encontrado un fallo de desreferencia de puntero NULL en GnuTLS. Como las funciones de actualización de hash de Nettle llaman internamente a memcpy, proporcionar una entrada de longitud cero puede causar un comportamiento indefinido. Este fallo conlleva a una denegación de servicio tras la autenticación en raras circunstancias.", }, ], id: "CVE-2021-4209", lastModified: "2024-11-21T06:37:09.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-08-24T16:15:09.927", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-4209", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/issues/1306", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2021-4209", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2044156", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/issues/1306", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/gnutls/gnutls/-/merge_requests/1503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220915-0005/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-08 20:15
Modified
2024-11-21 06:16
Severity ?
Summary
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | element_software | - | |
| netapp | hci_storage_node | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 11.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4C85356F-2C6C-4FB9-B0CA-949711182223", versionEndExcluding: "5.13.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.", }, { lang: "es", value: "El archivo fs/nfs/nfs4client.c en el kernel de Linux versiones anteriores a 5.13.4, presenta un ordenamiento incorrecto de la configuración de la conexión, que permite a operadores de servidores NFSv4 remotos causar una denegación de servicio (cuelgue de montajes) al disponer de que esos servidores sean inalcanzables durante la detección de trunking", }, ], id: "CVE-2021-38199", lastModified: "2024-11-21T06:16:38.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-08T20:15:07.073", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/dd99e9f98fbf423ff6d365b37a98e8879170f17c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4978", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-18 06:15
Modified
2024-11-21 04:34
Severity ?
Summary
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "A1229D50-3DAA-4031-97C9-8FF008A36A5F", versionEndExcluding: "4.4.262", versionStartIncluding: "3.8", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D3BB1DB0-B588-4D26-89CB-F67E73EDA007", versionEndExcluding: "4.9.262", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "33EEBE13-936B-4210-9B09-9D61A6BE9A35", versionEndExcluding: "4.14.226", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "2083AEA2-E04A-4A55-996D-5BB40D30417A", versionEndExcluding: "4.19.82", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "BC19B2E4-2B1F-44F3-9944-91396EAC744D", versionEndExcluding: "5.3.9", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "5C0ADE5D-F91D-4E0D-B6C5-3511B19665F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", matchCriteriaId: "0EF46487-B64A-454E-AECC-D74B83170ACD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*", matchCriteriaId: "8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5AF71C49-ADEF-4EE2-802C-6159ADD51355", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*", matchCriteriaId: "B3BC6E59-2134-4A28-AAD2-77C8AE236BCF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*", matchCriteriaId: "24377899-5389-4BDC-AC82-0E4186F4DE53", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*", matchCriteriaId: "23FE83DE-AE7C-4313-88E3-886110C31302", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*", matchCriteriaId: "490B327B-AC20-419B-BB76-8AB6971304BB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*", matchCriteriaId: "8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*", matchCriteriaId: "6CA74E8B-51E2-4A7C-8A98-0583D31134A6", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*", matchCriteriaId: "7B64AB37-A1D9-4163-A51B-4C780361F1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*", matchCriteriaId: "7BE9C9D7-9CED-4184-A190-1024A6FB8C82", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*", matchCriteriaId: "B73D4C3C-A511-4E14-B19F-91F561ACB1B8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*", matchCriteriaId: "0C47D72C-9B6B-4E52-AF0E-56AD58E4A930", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*", matchCriteriaId: "039C3790-5AA2-4895-AEAE-CC84A71DB907", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*", matchCriteriaId: "B4592238-D1F2-43D6-9BAB-2F63ECF9C965", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*", matchCriteriaId: "0BA78068-80E9-4E49-9056-88EAB7E3682C", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*", matchCriteriaId: "092F366C-E8B0-4BE5-B106-0B7A73B08D34", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*", matchCriteriaId: "E7992E92-B159-4810-B895-01A9B944058A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*", matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:fas\\/aff_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "66EEA3CA-8CC7-4F0B-8204-6132D4114873", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", matchCriteriaId: "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B2748912-FC54-47F6-8C0C-B96784765B8E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "090AA6F4-4404-4E26-82AB-C3A22636F276", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.", }, { lang: "es", value: "Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3.", }, ], id: "CVE-2019-19060", lastModified: "2024-11-21T04:34:06.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-18T06:15:12.343", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4210-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4226-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4364-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191205-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4208-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4210-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4226-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4364-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-07 04:15
Modified
2024-11-21 06:16
Severity ?
Summary
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_storage_node | - | |
| netapp | element_software | - | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1DAFBDE6-EDBA-4AB8-9AF9-6359EB1CE1A0", versionEndExcluding: "4.4.276", versionStartIncluding: "2.6.24", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C79FFC06-9530-4CD7-B651-01D786CC925E", versionEndExcluding: "4.9.276", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FB359B2E-773D-4D52-9915-E07A47ABE72B", versionEndExcluding: "4.14.240", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2", versionEndExcluding: "4.19.198", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "508D9771-335F-44A6-9F2F-880DF1267A1F", versionEndExcluding: "5.4.134", versionStartIncluding: "4.20", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62", versionEndExcluding: "5.10.52", versionStartIncluding: "5.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E", versionEndExcluding: "5.12.19", versionStartIncluding: "5.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "F93FA3CC-0C79-410B-A7D7-245C2AA0723A", versionEndExcluding: "5.13.4", versionStartIncluding: "5.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*", matchCriteriaId: "1C767AA1-88B7-48F0-9F31-A89D16DCD52C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "02DEB4FB-A21D-4CB1-B522-EEE5093E8521", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior", }, { lang: "es", value: "** EN DISPUTA ** En el archivo drivers/char/virtio_console.c en el kernel de Linux versiones anteriores a 5.13.4, la corrupción o pérdida de datos puede ser desencadenada por un dispositivo no fiable que suministre un valor buf-)len excediendo el tamaño del buffer. NOTA: El proveedor indica que la citada corrupción de datos no es una vulnerabilidad en ningún caso de uso existente; la validación de la longitud se añadió únicamente para la robustez frente a un comportamiento anómalo del sistema operativo anfitrión.", }, ], id: "CVE-2021-38160", lastModified: "2024-11-21T06:16:31.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-07T04:15:06.967", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2021-38160", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4978", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2021-38160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210902-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4978", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Undergoing Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }