Vulnerabilites related to oracle - real_user_experience_insight
cve-2018-11055
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11055", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11055", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11056
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.1.6.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "BSAFE Crypto-C Micro Edition", vendor: "RSA", versions: [ { lessThan: "4.0.5.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability ", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11056", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, { product: { product_data: [ { product_name: "BSAFE Crypto-C Micro Edition", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.5.3", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability ", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11056", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10219
Vulnerability from cvelistv5
Published
2019-11-08 14:46
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hibernate | hibernate-validator |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:17:18.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "hibernate-validator", vendor: "Hibernate", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-10T09:07:39", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2019-10219", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "hibernate-validator", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Hibernate", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, ], }, impact: { cvss: [ [ { vectorString: "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, ], ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E", }, { name: "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E", }, { name: "RHSA-2020:0164", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { name: "RHSA-2020:0159", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { name: "RHSA-2020:0160", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { name: "RHSA-2020:0161", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { name: "RHSA-2020:0445", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { name: "https://security.netapp.com/advisory/ntap-20220210-0024/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2019-10219", datePublished: "2019-11-08T14:46:03", dateReserved: "2019-03-27T00:00:00", dateUpdated: "2024-08-04T22:17:18.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-2351
Vulnerability from cvelistv5
Published
2021-07-20 22:43
Modified
2024-08-03 16:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2021/Dec/19 | mailing-list, x_refsource_FULLDISC | |
| http://seclists.org/fulldisclosure/2021/Dec/20 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Version: 12.2.1.3.0 Version: 12.2.1.4.0 Version: 14.1.1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:38:57.682Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "Oracle Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "WebLogic Server", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "12.2.1.3.0", }, { status: "affected", version: "12.2.1.4.0", }, { status: "affected", version: "14.1.1.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-23T18:30:20.233Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2021-2351", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "WebLogic Server", version: { version_data: [ { version_affected: "=", version_value: "12.2.1.3.0", }, { version_affected: "=", version_value: "12.2.1.4.0", }, { version_affected: "=", version_value: "14.1.1.0.0", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, ], }, impact: { cvss: { baseScore: "8.3", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { name: "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { name: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2021-2351", datePublished: "2021-07-20T22:43:29", dateReserved: "2020-12-09T00:00:00", dateUpdated: "2024-08-03T16:38:57.682Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11058
Vulnerability from cvelistv5
Published
2018-09-14 20:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/108106 | vdb-entry, x_refsource_BID | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108106", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "BSAFE Crypto-C Micro Edition", vendor: "RSA", versions: [ { lessThan: "4.0.5.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer Over-Read vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108106", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11058", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, { product_name: "BSAFE Crypto-C Micro Edition", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.5.3", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Over-Read vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "108106", refsource: "BID", url: "http://www.securityfocus.com/bid/108106", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11058", datePublished: "2018-09-14T20:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-19956
Vulnerability from cvelistv5
Published
2019-12-24 15:12
Modified
2024-08-05 02:32
Severity ?
EPSS score ?
Summary
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:32:10.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20191228 [SECURITY] [DLA 2048-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", }, { name: "USN-4274-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { name: "openSUSE-SU-2020:0781", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200114-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-15T20:49:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20191228 [SECURITY] [DLA 2048-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", }, { name: "USN-4274-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { name: "openSUSE-SU-2020:0781", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200114-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-19956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20191228 [SECURITY] [DLA 2048-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", }, { name: "USN-4274-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { name: "openSUSE-SU-2020:0781", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", }, { name: "https://security.netapp.com/advisory/ntap-20200114-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200114-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-19956", datePublished: "2019-12-24T15:12:57", dateReserved: "2019-12-24T00:00:00", dateUpdated: "2024-08-05T02:32:10.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3537
Vulnerability from cvelistv5
Published
2021-05-14 19:50
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1956522 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202107-05 | vendor-advisory, x_refsource_GENTOO | |
| https://security.netapp.com/advisory/ntap-20210625-0002/ | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:08.318Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libxml2", vendor: "n/a", versions: [ { status: "affected", version: "libxml2 2.9.11", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:35:39", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3537", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libxml2", version: { version_data: [ { version_value: "libxml2 2.9.11", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2021-e3ed1ba38b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", }, { name: "FEDORA-2021-b950000d2b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "GLSA-202107-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-05", }, { name: "https://security.netapp.com/advisory/ntap-20210625-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3537", datePublished: "2021-05-14T19:50:10", dateReserved: "2021-05-05T00:00:00", dateUpdated: "2024-08-03T17:01:08.318Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11057
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: unspecified < 4.0.11 Version: unspecified < 4.1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { lessThan: "4.0.11", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "4.1.6.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Covert Timing Channel vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11057", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "4.0.11", }, { affected: "<", version_affected: "<", version_value: "4.1.6.1", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Covert Timing Channel vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11057", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3517
Vulnerability from cvelistv5
Published
2021-05-19 13:45
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:53:17.731Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211022-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libxml2", vendor: "n/a", versions: [ { status: "affected", version: "libxml2 2.9.11", }, ], }, ], descriptions: [ { lang: "en", value: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:35:17", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211022-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3517", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libxml2", version: { version_data: [ { version_value: "libxml2 2.9.11", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-787", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2021-e3ed1ba38b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", }, { name: "FEDORA-2021-b950000d2b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-05", }, { name: "https://security.netapp.com/advisory/ntap-20210625-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20211022-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211022-0004/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3517", datePublished: "2021-05-19T13:45:00", dateReserved: "2021-04-27T00:00:00", dateUpdated: "2024-08-03T16:53:17.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-15769
Vulnerability from cvelistv5
Published
2018-11-16 21:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105929 | vdb-entry, x_refsource_BID | |
| https://seclists.org/fulldisclosure/2018/Nov/37 | mailing-list, x_refsource_FULLDISC | |
| http://www.securitytracker.com/id/1042057 | vdb-entry, x_refsource_SECTRACK | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:01:54.559Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105929", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042057", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:54", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "105929", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042057", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-15769", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "105929", refsource: "BID", url: "http://www.securityfocus.com/bid/105929", }, { name: "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability", refsource: "FULLDISC", url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { name: "1042057", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042057", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-15769", datePublished: "2018-11-16T21:00:00", dateReserved: "2018-08-23T00:00:00", dateUpdated: "2024-08-05T10:01:54.559Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20388
Vulnerability from cvelistv5
Published
2020-01-21 22:53
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-41fe1680f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202010-04", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:12:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2020-41fe1680f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202010-04", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20388", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-41fe1680f6", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "FEDORA-2020-0c71c00af4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", }, { name: "https://security.netapp.com/advisory/ntap-20200702-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202010-04", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20388", datePublished: "2020-01-21T22:53:50", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-05T02:39:09.814Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3518
Vulnerability from cvelistv5
Published
2021-05-18 11:20
Modified
2024-08-03 17:01
Severity ?
EPSS score ?
Summary
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:07.460Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { name: "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Jul/58", }, { name: "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Jul/54", }, { name: "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Jul/55", }, { name: "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2021/Jul/59", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212605", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212602", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212601", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT212604", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libxml2", vendor: "n/a", versions: [ { status: "affected", version: "libxml2 2.9.11", }, ], }, ], descriptions: [ { lang: "en", value: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:35:29", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2021-e3ed1ba38b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", }, { name: "FEDORA-2021-b950000d2b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { name: "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Jul/58", }, { name: "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Jul/54", }, { name: "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Jul/55", }, { name: "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2021/Jul/59", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212605", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212602", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212601", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT212604", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-3518", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "libxml2", version: { version_data: [ { version_value: "libxml2 2.9.11", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2021-e3ed1ba38b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { name: "[debian-lts-announce] 20210510 [SECURITY] [DLA 2653-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", }, { name: "FEDORA-2021-b950000d2b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, { name: "GLSA-202107-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-05", }, { name: "https://security.netapp.com/advisory/ntap-20210625-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { name: "20210723 APPLE-SA-2021-07-21-5 watchOS 7.6", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Jul/58", }, { name: "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Jul/54", }, { name: "20210723 APPLE-SA-2021-07-21-2 macOS Big Sur 11.5", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Jul/55", }, { name: "20210723 APPLE-SA-2021-07-21-6 tvOS 14.7", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2021/Jul/59", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://support.apple.com/kb/HT212605", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212605", }, { name: "https://support.apple.com/kb/HT212602", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212602", }, { name: "https://support.apple.com/kb/HT212601", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212601", }, { name: "https://support.apple.com/kb/HT212604", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT212604", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3518", datePublished: "2021-05-18T11:20:24", dateReserved: "2021-04-27T00:00:00", dateUpdated: "2024-08-03T17:01:07.460Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7595
Vulnerability from cvelistv5
Published
2020-01-21 22:54
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:33:19.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2020-41fe1680f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "USN-4274-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202010-04", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:23:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2020-41fe1680f6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "USN-4274-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202010-04", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-7595", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2020-41fe1680f6", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { name: "USN-4274-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4274-1/", }, { name: "FEDORA-2020-0c71c00af4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { name: "FEDORA-2020-7694e8be73", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { name: "openSUSE-SU-2020:0681", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20200702-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "GLSA-202010-04", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202010-04", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-7595", datePublished: "2020-01-21T22:54:14", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-08-04T09:33:19.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-11054
Vulnerability from cvelistv5
Published
2018-08-31 18:00
Modified
2024-08-05 07:54
Severity ?
EPSS score ?
Summary
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/46 | mailing-list, x_refsource_FULLDISC | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
| https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2020.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RSA | BSAFE Micro Edition Suite |
Version: 4.1.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:54:36.640Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BSAFE Micro Edition Suite", vendor: "RSA", versions: [ { status: "affected", version: "4.1.6", }, ], }, ], datePublic: "2018-08-28T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "integer overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], source: { discovery: "UNKNOWN", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", ID: "CVE-2018-11054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BSAFE Micro Edition Suite", version: { version_data: [ { affected: "=", version_affected: "=", version_value: "4.1.6", }, ], }, }, ], }, vendor_name: "RSA", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "integer overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2018-11054", datePublished: "2018-08-31T18:00:00", dateReserved: "2018-05-14T00:00:00", dateUpdated: "2024-08-05T07:54:36.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29425
Vulnerability from cvelistv5
Published
2021-04-13 06:50
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons IO |
Version: Apache Commons IO 2.2 Version: Apache Commons IO 2.3 Version: Apache Commons IO 2.4 Version: Apache Commons IO 2.5 Version: Apache Commons IO 2.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:02:51.887Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.apache.org/jira/browse/IO-556", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", }, { name: "[commons-dev] 20210414 Re: [all] OSS Fuzz", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E", }, { name: "[commons-dev] 20210415 Re: [all] OSS Fuzz", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E", }, { name: "[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E", }, { name: "[commons-user] 20210709 commons-fileupload dependency and CVE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E", }, { name: "[commons-user] 20210709 Re: commons-fileupload dependency and CVE", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220210-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Commons IO", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Commons IO 2.2", }, { status: "affected", version: "Apache Commons IO 2.3", }, { status: "affected", version: "Apache Commons IO 2.4", }, { status: "affected", version: "Apache Commons IO 2.5", }, { status: "affected", version: "Apache Commons IO 2.6", }, ], }, ], descriptions: [ { lang: "en", value: "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:27:07", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://issues.apache.org/jira/browse/IO-556", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", }, { name: "[commons-dev] 20210414 Re: [all] OSS Fuzz", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E", }, { name: "[commons-dev] 20210415 Re: [all] OSS Fuzz", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E", }, { name: "[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E", }, { name: "[kafka-users] 20210617 vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E", }, { name: "[commons-user] 20210709 commons-fileupload dependency and CVE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E", }, { name: "[commons-user] 20210709 Re: commons-fileupload dependency and CVE", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220210-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { defect: [ "IO-556", "IO-559", ], discovery: "UNKNOWN", }, title: "Possible limited path traversal vulnerabily in Apache Commons IO ", workarounds: [ { lang: "en", value: "Neither the method in question (FileNameUtils.normalize) nor any methods, that invoke it, do actually access any files. There's only a string returned, from which a path can be constructed. In other words, a possible workaround would be not passing any unsafe input to FileNameUtils.normalize.\n ", }, { lang: "en", value: "Upgrade to Apache Commons IO 2.7, or later, where the same method returns the value null, as an indication of \"invalid input\".\n", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-29425", STATE: "PUBLIC", TITLE: "Possible limited path traversal vulnerabily in Apache Commons IO ", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Commons IO", version: { version_data: [ { version_affected: "=", version_name: "Apache Commons IO", version_value: "2.2", }, { version_affected: "=", version_name: "Apache Commons IO", version_value: "2.3", }, { version_affected: "=", version_name: "Apache Commons IO", version_value: "2.4", }, { version_affected: "=", version_name: "Apache Commons IO", version_value: "2.5", }, { version_affected: "=", version_name: "Apache Commons IO", version_value: "2.6", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://issues.apache.org/jira/browse/IO-556", refsource: "MISC", url: "https://issues.apache.org/jira/browse/IO-556", }, { name: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", }, { name: "[commons-dev] 20210414 Re: [all] OSS Fuzz", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330@%3Cdev.commons.apache.org%3E", }, { name: "[commons-dev] 20210415 Re: [all] OSS Fuzz", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31@%3Cdev.commons.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] lhotari opened a new pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04@%3Ccommits.pulsar.apache.org%3E", }, { name: "[pulsar-commits] 20210420 [GitHub] [pulsar] merlimat merged pull request #10287: [Security] Upgrade commons-io to address CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436@%3Ccommits.pulsar.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Closed] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Created] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210427 [jira] [Updated] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c@%3Cdev.creadur.apache.org%3E", }, { name: "[pulsar-commits] 20210429 [pulsar] branch branch-2.7 updated: [Security] Upgrade commons-io to address CVE-2021-29425 (#10287)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71@%3Ccommits.pulsar.apache.org%3E", }, { name: "[myfaces-dev] 20210504 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #808: build: CVE fix", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34@%3Cdev.myfaces.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Created] (WHISKER-19) Update commons-io to fix CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Commented] (WHISKER-19) Update commons-io to fix CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Assigned] (WHISKER-19) Update commons-io to fix CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5@%3Cdev.creadur.apache.org%3E", }, { name: "[creadur-dev] 20210518 [jira] [Updated] (WHISKER-19) Update commons-io to fix CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19@%3Cdev.creadur.apache.org%3E", }, { name: "[kafka-users] 20210617 vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe@%3Cusers.kafka.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Commented] (RAT-281) Update commons-io to fix CVE-2021-29425 Moderate severity", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a@%3Cdev.creadur.apache.org%3E", }, { name: "[commons-user] 20210709 commons-fileupload dependency and CVE", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a@%3Cuser.commons.apache.org%3E", }, { name: "[commons-user] 20210709 Re: commons-fileupload dependency and CVE", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa@%3Cuser.commons.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-789) Upgrade to commons-io-2.7 due to CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80@%3Cpluto-dev.portals.apache.org%3E", }, { name: "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-789 Upgrade to commons-io-2.7 due to CVE-2021-29425", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e@%3Cpluto-scm.portals.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-dev] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d@%3Cdev.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210805 [jira] [Created] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2@%3Cissues.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210806 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.7 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[debian-lts-announce] 20210812 [SECURITY] [DLA 2741-1] commons-io security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210813 [GitHub] [zookeeper] eolivelli commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210816 [GitHub] [zookeeper] nkalmar commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on a change in pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg edited a comment on pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1735: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046@%3Cnotifications.zookeeper.apache.org%3E", }, { name: "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4343: Bump commons-io to version 2.11 (avoids CVE-2021-29425)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2@%3Ccommits.zookeeper.apache.org%3E", }, { name: "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4343) OWASP Dependency-Check fails with CVE-2021-29425, commons-io-2.6", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b@%3Cissues.zookeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220210-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220210-0004/", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "IO-556", "IO-559", ], discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Neither the method in question (FileNameUtils.normalize) nor any methods, that invoke it, do actually access any files. There's only a string returned, from which a path can be constructed. In other words, a possible workaround would be not passing any unsafe input to FileNameUtils.normalize.\n ", }, { lang: "en", value: "Upgrade to Apache Commons IO 2.7, or later, where the same method returns the value null, as an indication of \"invalid input\".\n", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-29425", datePublished: "2021-04-13T06:50:12", dateReserved: "2021-03-30T00:00:00", dateUpdated: "2024-08-03T22:02:51.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24977
Vulnerability from cvelistv5
Published
2020-09-03 23:20
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:26:08.992Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "openSUSE-SU-2020:1430", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", }, { name: "FEDORA-2020-35087800be", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", }, { name: "openSUSE-SU-2020:1465", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", }, { name: "FEDORA-2020-7dd29dacad", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", }, { name: "FEDORA-2020-b60dbdd538", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", }, { name: "FEDORA-2020-be489044df", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", }, { name: "FEDORA-2020-dd2fc19b78", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", }, { name: "FEDORA-2020-20ab468a33", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", }, { name: "FEDORA-2020-935f62c3d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", }, { name: "FEDORA-2020-7773c53bc8", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", }, { name: "FEDORA-2020-ff317550e4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", }, { name: "FEDORA-2020-b6aaf25741", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:15:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "openSUSE-SU-2020:1430", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", }, { name: "FEDORA-2020-35087800be", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", }, { name: "openSUSE-SU-2020:1465", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", }, { name: "FEDORA-2020-7dd29dacad", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", }, { name: "FEDORA-2020-b60dbdd538", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", }, { name: "FEDORA-2020-be489044df", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", }, { name: "FEDORA-2020-dd2fc19b78", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", }, { name: "FEDORA-2020-20ab468a33", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", }, { name: "FEDORA-2020-935f62c3d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", }, { name: "FEDORA-2020-7773c53bc8", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", }, { name: "FEDORA-2020-ff317550e4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", }, { name: "FEDORA-2020-b6aaf25741", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "GLSA-202107-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-05", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24977", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { name: "openSUSE-SU-2020:1430", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", }, { name: "FEDORA-2020-35087800be", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", }, { name: "openSUSE-SU-2020:1465", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", }, { name: "FEDORA-2020-7dd29dacad", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", }, { name: "FEDORA-2020-b60dbdd538", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", }, { name: "FEDORA-2020-be489044df", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", }, { name: "FEDORA-2020-dd2fc19b78", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", }, { name: "FEDORA-2020-20ab468a33", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", }, { name: "FEDORA-2020-935f62c3d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", }, { name: "FEDORA-2020-7773c53bc8", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", }, { name: "FEDORA-2020-ff317550e4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", }, { name: "FEDORA-2020-b6aaf25741", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "GLSA-202107-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-05", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20200924-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { name: "https://security.netapp.com/advisory/ntap-20200924-0001/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24977", datePublished: "2020-09-03T23:20:35", dateReserved: "2020-08-28T00:00:00", dateUpdated: "2024-08-04T15:26:08.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-04-13 07:15
Modified
2024-11-21 06:01
Severity ?
Summary
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:commons_io:2.2:-:*:*:*:*:*:*", matchCriteriaId: "55B8E817-8D9D-433E-99D8-4E412F006400", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:commons_io:2.3:-:*:*:*:*:*:*", matchCriteriaId: "911E607E-5A34-44DC-B9E0-01D3571DD014", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:commons_io:2.4:-:*:*:*:*:*:*", matchCriteriaId: "B5AB5A45-486F-4B37-9E5B-4EEB81F4F78A", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:commons_io:2.5:-:*:*:*:*:*:*", matchCriteriaId: "2DAD478C-FBF7-4FAE-8939-2FD625F8D71C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:commons_io:2.6:-:*:*:*:*:*:*", matchCriteriaId: "9FA21029-762D-4E84-A80A-DB417CA8BD00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A287FA5D-D7D9-40B4-8DB2-1D7CE1808408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "20EB3430-0FF2-4668-BB20-A5611ACC73F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F84E5662-0289-4ED5-A112-BC506508216C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AD312681-73A4-4B21-BDE8-50DED7E3E0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*", matchCriteriaId: "869D51B3-FB50-4BD6-8A0C-D0984267525F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*", matchCriteriaId: "08B8F413-2000-493B-82B1-BEFE343BB8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*", matchCriteriaId: "042269E6-D3B4-4867-86FA-9301FACA9FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", matchCriteriaId: "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", matchCriteriaId: "86F03B63-F922-45CD-A7D1-326DB0042875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", matchCriteriaId: "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", matchCriteriaId: "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*", matchCriteriaId: "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6", versionEndIncluding: "2.4.0", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "6D0F559E-0790-461B-ACED-5B00F4D40893", versionEndIncluding: "2.4.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D0DBC938-A782-433F-8BF1-CA250C332AA7", versionEndExcluding: "21.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "2A3622F5-5976-4BBC-A147-FC8A6431EA79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "787E2C1B-9BAD-4018-8495-E9BE75628BB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*", matchCriteriaId: "5A9E4125-B744-4A9D-BFE6-5D82939958FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*", matchCriteriaId: "261212BD-125A-487F-97E8-A9587935DFE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "8E463039-5E48-4AA0-A42B-081053FA0111", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AB1BC31C-6016-42A8-9517-2FBBC92620CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "3D2ACE8A-6D85-4401-88D8-46B678BA0063", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0535B116-57D6-4448-86A2-09BCE50894B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", matchCriteriaId: "6512DC4C-C331-4F6B-9DC9-D9DA5B8945DA", versionEndIncluding: "7.4.2", versionStartIncluding: "7.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "1B54457C-8305-4F82-BE1E-DBA030A8E676", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "B5B4A191-44AE-4C35-9164-19237D2CF013", versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "A543B4F8-149A-48AB-B388-AB7FA2ECAC18", versionEndIncluding: "8.2.3", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A23B00C1-878A-4B55-B87B-EFFFA6A5E622", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", matchCriteriaId: "21CC9E01-616E-411B-B0C7-DE6E599D3319", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", matchCriteriaId: "1F015E20-7886-4713-B4EC-FE7894066D09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7B388677-D3A7-4304-8FDF-3C5ED51C8BA2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "129CA55C-C770-4D42-BD17-9011F3AC93C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*", matchCriteriaId: "4BE83BC6-5A6F-40A1-AAC7-314A575D8E07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8FD060-E9A8-499C-87B0-AF7BBED7771F", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", matchCriteriaId: "AB8A1479-591A-4858-9B18-3B595694A965", versionEndIncluding: "11.8.0", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DEFE7E72-D419-4040-81AB-B4934C13909F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*", matchCriteriaId: "B283B614-9E31-4148-8688-B0672B3A77B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "EA86EF7E-6162-4244-9C88-7AF5CAB787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E6C9A32B-B776-4704-818D-977B4B20D677", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6989178B-A3D5-4441-A56C-6C639D4759DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16AEA21E-0B11-44A5-8BFB-550521D8E0D5", versionEndIncluding: "3.0.4", versionStartIncluding: "3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:helidon:1.4.7:*:*:*:*:*:*:*", matchCriteriaId: "34CB181A-803A-4C8D-BB6A-8B7CE65C5A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:helidon:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8AA1985E-D3D4-4053-A538-22C428D160CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00C9E689-ED91-4A9D-B9C0-5BF4EC131409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*", matchCriteriaId: "FC2370B5-F41B-45F6-AC9F-9C7B258AA717", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EF958C28-4289-4433-8CD9-B6551F01926F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.8:*:*:*:*:*:*:*", matchCriteriaId: "2B47C49C-3662-4FCB-82E8-7484F7151858", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7A6C04D-43B3-4B83-A185-7CBD838C97E4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E2B51896-E4DA-4FDA-979F-481FFB3E588A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B", versionEndExcluding: "2.12.42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*", matchCriteriaId: "3AC56890-3225-4A0F-B48A-1FB761810062", versionEndExcluding: "21.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:21.3:*:*:*:-:*:*:*", matchCriteriaId: "37DDB2B3-1C16-44D6-BEE2-9D34637230F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*", matchCriteriaId: "40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4EEF867A-587A-45E1-B2F6-0B903903F0F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_pricing:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5D06393-D43A-4A5E-BED5-4DF2F4F38C74", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "054F9E62-A6D6-4850-83AD-3628C74A4384", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "74ACC94B-4A9F-451D-B639-6008A108BDDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*", matchCriteriaId: "87A83709-4D38-4844-8928-0C2D6F2033BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.", }, { lang: "es", value: "En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como \"//../foo\" o \"\\\\..\\ foo\", el resultado sería el mismo valor, por lo que posiblemente proporcionar acceso a archivos en el directorio principal, pero no más arriba (por lo tanto, salto de ruta \"limited\"), si el código de llamada usara el resultado para construir un valor de ruta", }, ], id: "CVE-2021-29425", lastModified: "2024-11-21T06:01:04.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-13T07:15:12.327", references: [ { source: "security@apache.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/IO-556", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0004/", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://issues.apache.org/jira/browse/IO-556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r20416f39ca7f7344e7d76fe4d7063bb1d91ad106926626e7e83fb346%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2345b49dbffa8a5c3c589c082fe39228a2c1d14f11b96c523da701db%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r27b1eedda37468256c4bb768fde1e8b79b37ec975cbbfd0d65a7ac34%40%3Cdev.myfaces.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2bc986a070457daca457a54fe71ee09d2584c24dc262336ca32b6a19%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2df50af2641d38f432ef025cd2ba5858215cc0cf3fc10396a674ad2e%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r345330b7858304938b7b8029d02537a116d75265a598c98fa333504a%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4050f9f6b42ebfa47a98cbdee4aabed4bb5fb8093db7dbb88faceba2%40%3Ccommits.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r462db908acc1e37c455e11b1a25992b81efd18e641e7e0ceb1b6e046%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r477c285126ada5c3b47946bb702cb222ac4e7fd3100c8549bdd6d3b2%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r47ab6f68cbba8e730f42c4ea752f3a44eb95fb09064070f2476bb401%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5149f78be265be69d34eacb4e4b0fc7c9c697bcdfa91a1c1658d717b%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r523a6ffad58f71c4f3761e3cee72df878e48cdc89ebdce933be1475c%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r808be7d93b17a7055c1981a8453ae5f0d0fce5855407793c5d0ffffa%40%3Cuser.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8569a41d565ca880a4dee0e645dad1cd17ab4a92e68055ad9ebb7375%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r86528f4b7d222aed7891e7ac03d69a0db2a2dfa17b86ac3470d7f374%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r873d5ddafc0a68fd999725e559776dc4971d1ab39c0f5cc81bd9bc04%40%3Ccommits.pulsar.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8bfc7235e6b39d90e6f446325a5a44c3e9e50da18860fdabcee23e29%40%3Cissues.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r8efcbabde973ea72f5e0933adc48ef1425db5cde850bf641b3993f31%40%3Cdev.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r92ea904f4bae190b03bd42a4355ce3c2fbe8f36ab673e03f6ca3f9fa%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra8ef65aedc086d2d3d21492b4c08ae0eb8a3a42cc52e29ba1bc009d8%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/raa053846cae9d497606027816ae87b4e002b2e0eb66cb0dee710e1f5%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rad4ae544747df32ccd58fff5a86cd556640396aeb161aa71dd3d192a%40%3Cuser.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rbebd3e19651baa7a4a5503a9901c95989df9d40602c8e35cb05d3eb5%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc10fa20ef4d13cbf6ebe0b06b5edb95466a1424a9b7673074ed03260%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc2dd3204260e9227a67253ef68b6f1599446005bfa0e1ddce4573a80%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rc359823b5500e9a9a2572678ddb8e01d3505a7ffcadfa8d13b8780ab%40%3Cuser.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc5f3df5316c5237b78a3dff5ab95b311ad08e61d418cd992ca7e34ae%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc65f9bc679feffe4589ea0981ee98bc0af9139470f077a91580eeee0%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rca71a10ca533eb9bfac2d590533f02e6fb9064d3b6aa3ec90fdc4f51%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd09d4ab3e32e4b3a480e2ff6ff118712981ca82e817f28f2a85652a6%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re41e9967bee064e7369411c28f0f5b2ad28b8334907c9c6208017279%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/red3aea910403d8620c73e1c7b9c9b145798d0469eb3298a7be7891af%40%3Cnotifications.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfa2f08b7c0caf80ca9f4a18bd875918fdd4e894e2ea47942a4589b9c%40%3Cdev.creadur.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfcd2c649c205f12b72dde044f905903460669a220a2eb7e12652d19d%40%3Cdev.zookeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rfd01af05babc95b8949e6d8ea78d9834699e1b06981040dde419a330%40%3Cdev.commons.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-21 15:15
Modified
2024-11-21 06:02
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:advanced_networking_option:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E95885F4-38B5-445A-B084-6B87172F2082", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_networking_option:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "FC810AC7-4185-4E20-AFE8-72A97C2933EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:advanced_networking_option:19c:*:*:*:*:*:*:*", matchCriteriaId: "231C1E97-2198-4DD7-8BD1-5FF4DDA14CDA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "06480458-3216-4C42-9270-F68A41EEC147", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "480BF1CB-11D7-4D86-A99E-960F316F2E1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F84E5662-0289-4ED5-A112-BC506508216C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AD312681-73A4-4B21-BDE8-50DED7E3E0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "E67940FD-3BA7-40A8-8E40-44B37D23E2DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "EE6EB4DE-33DA-4810-96BD-29C82B433714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F7FCB446-49A7-48B9-8808-E72A4E2E48C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9E9B2F53-257E-49E2-83C3-0840BDB4D67C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6CF34B1B-0FC0-4EA6-830D-D2191337D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "EA67581B-F8FD-416E-852F-859D642B7405", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "32ACEED2-BA43-4EF7-9183-2F01CC277FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_mart:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "18B967BB-2233-4FB2-B10D-9A338E1B4089", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09B79608-5D94-45C3-ADF0-B181B92C3014", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "25193811-46CE-4A0E-B22D-67BE99FAD450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*", matchCriteriaId: "6DF2D056-3118-4C31-BEDD-69F016898CBB", versionEndIncluding: "18.3", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", matchCriteriaId: "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", matchCriteriaId: "86F03B63-F922-45CD-A7D1-326DB0042875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*", matchCriteriaId: "366A6277-5D74-44C8-94A9-8ADB5568B5FB", versionEndIncluding: "18.3", versionStartIncluding: "18.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", matchCriteriaId: "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", matchCriteriaId: "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC6D658-09EA-4C41-869F-1C2EA163F751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*", matchCriteriaId: "384DEDD9-CB26-4306-99D8-83068A9B23ED", versionEndExcluding: "23.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*", matchCriteriaId: "2ECE8F5F-4417-4412-B857-F1ACDEED4FC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B2CEA84-0983-4C40-B923-99244ABCF32D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2FD798A8-38B7-42C1-9043-863D16CE7ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "869CDD22-4A6C-4665-AA37-E340B07EF81C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "787E2C1B-9BAD-4018-8495-E9BE75628BB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "123CB9B5-C800-47FD-BD0C-BE44198E97E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "4063FAD6-21D4-42C7-87C0-D299532E0982", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "59275C23-53C0-4890-A941-A71226B50CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F88A2F3-E201-4C68-8D11-0A5C76CDB071", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CBD877F8-E6EF-4314-AAC0-36F81F4908DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3D7356B6-E197-4978-BF18-2CFD4D350A76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "1B54457C-8305-4F82-BE1E-DBA030A8E676", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C756C62B-E655-4770-8E85-B1995889E416", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93F65B4C-59D5-450A-9955-7FDA32252B0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A67AA54B-258D-4D09-9ACB-4085E0B3E585", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "B5AAD5EB-403D-4DCD-96F6-3871889B9403", versionEndIncluding: "8.2.3", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", matchCriteriaId: "64BCB9E3-883D-4C1F-9785-2E182BA47B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "F28B94B3-D940-4B1C-9E72-F061515D24F2", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "53600579-4542-4D80-A93C-3E45938C749D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D96CE74A-EB3A-489E-9229-43810DD46F64", versionEndIncluding: "8.2.5.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EAE0FAB3-DE56-4271-B3F1-FF665F55B728", versionEndIncluding: "8.2.5", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*", matchCriteriaId: "132DE874-6E47-452A-9FDD-27D5A41F046E", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "603C00AA-DBF3-4F62-A74D-8AE596800B4C", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", matchCriteriaId: "AE3CF700-5042-4DD5-A4B1-53A6C4D8E549", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:12.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C3D5995F-542C-489E-8940-991AAB17643B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E80555C7-DA1C-472C-9467-19554DCE4476", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "435FDFA1-BF6A-499D-BDB6-88A26648DFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AB3F3F63-9543-4568-BCB1-1CAF88384142", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "FC0C4CA4-1694-474E-8272-CF96E168D962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "93E953D0-9C0C-4B03-9939-384A1F7E2BC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "767CC73D-2771-4BBC-9D74-4416AEC6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "DAE3EA23-045D-474C-ABD8-916930D4E9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", matchCriteriaId: "8BB9420F-87CE-4B4B-A417-AA6813CE1318", versionEndIncluding: "8.1.1.0.0", versionStartIncluding: "8.0.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", matchCriteriaId: "524429D6-8AF1-4713-A9B8-678B50A3762F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*", matchCriteriaId: "ED21B958-0FD0-4697-9CE2-266DEE4E29DC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2177A5E9-B260-499E-8D60-920679518425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6329B1A2-75A8-4909-B4FB-77AC7232B6ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "EC91D0AD-C721-4653-A2B7-4EA7D97F6392", versionEndExcluding: "12.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "C0B3C50D-60BB-40B3-A146-BF7A1EC9ECC5", versionEndExcluding: "21.5.0.0.220118", versionStartIncluding: "19.1.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:*:*:*:*:*:*:*:*", matchCriteriaId: "C970F0E8-0768-451A-8091-5C88761CA95D", versionEndExcluding: "23.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", matchCriteriaId: "7E3417CF-4E94-4BA0-A05A-018D00EAC107", versionEndExcluding: "21.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AB8797ED-52E7-47B6-9F78-E2402671CCAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97C10FBE-FD9A-4739-9303-5B6FC7551D66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CF45C905-9EFF-4108-9B70-9FFDDD6627A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "CFDEE0AC-F2A4-4CA4-B8B5-E3F98712B072", versionEndIncluding: "7.3.0.2", versionStartIncluding: "7.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "D747A956-40A6-47D8-A813-FA4E13CB557F", versionEndIncluding: "8.0.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "ED13F526-2D53-4627-B2C5-3678F5CC405B", versionEndIncluding: "8.1.1", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_inventory_management:*:*:*:*:*:*:*:*", matchCriteriaId: "30B1475D-4F8D-4539-AED9-609C23944D14", versionEndExcluding: "9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8865CE15-F9A1-4A46-AF93-B58356BDEE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*", matchCriteriaId: "95D6A426-B914-401F-9AB0-5F5E3A3FE138", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", matchCriteriaId: "CBDA65DE-5727-49DC-8D50-DA81DB3E8841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A577DCD3-6730-441A-B3BD-6199483FB1E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*", matchCriteriaId: "577A07A9-DBB1-49E6-B2CC-60B917097472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "52C13DE5-CA3C-414F-8813-BB0847433151", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*", matchCriteriaId: "D361A9A8-15B0-4527-868B-80998772F2AB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*", matchCriteriaId: "4A667A37-59EB-4539-ADCA-D5F789DB6744", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BD4EE554-DFE7-4C16-BC98-574DC97FC85C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EE4160ED-75F2-4499-AC6C-90CD092A46E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "2F03BFDA-6904-42D7-8170-D6FD143BB16C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C85900AC-11DA-4FA8-A1E0-270240BF4B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "4E0154DF-9EC0-4844-9B06-1C554CED3BC2", versionEndIncluding: "5.6.0", versionStartIncluding: "5.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00C9E689-ED91-4A9D-B9C0-5BF4EC131409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7EFA1879-0BF9-4493-9145-15100BC38C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EF958C28-4289-4433-8CD9-B6551F01926F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "212AC8FA-90E8-4FDF-BC57-D17CD8F2E35C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7A6C04D-43B3-4B83-A185-7CBD838C97E4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E2B51896-E4DA-4FDA-979F-481FFB3E588A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*", matchCriteriaId: "4A87D1B6-87DF-4BC6-9C3E-F3AA47E22C4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B", versionEndExcluding: "2.12.42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F47057A9-2DDE-4178-B140-F7D70EAED8F6", versionEndIncluding: "12.2.24", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FA9948AB-0CA6-4148-949C-E500466B45F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "56D17905-5E69-4BD5-973B-30662AC3D678", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "70E72A74-F6A9-48EE-9279-3D9E53C2EC30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "F14C6AB5-CC45-4753-A60F-1F527B063127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "583BBDF1-DBE4-486D-ABF8-7D2B0408490A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "C9810151-6F80-48FD-A51E-F063EB2B7324", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "301E7158-9090-467C-B3B4-30A8DB3B395D", versionEndIncluding: "18.8.12", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BBEFACB1-C8EA-492B-8F85-A564DB363C83", versionEndIncluding: "19.12.11", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "6AEB882B-4975-4417-848C-0EAB022EB893", versionEndIncluding: "17.12.20", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "51E74B18-96E2-4B13-8072-3A4B29ED42EC", versionEndIncluding: "18.8.24", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "A3B41942-0EAE-4915-B560-C77855CF3AC1", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "798DD531-5B35-4D26-817D-5826666C9FA1", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "0E96F120-57FB-432C-8D9A-A227A78BB4B4", versionEndIncluding: "17.12.20.0", versionStartIncluding: "17.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "C97C52C9-16DD-4086-A1CF-19FD5C90FEA3", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05848067-59FF-4C90-A8BA-D1E4311B3A82", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6AD8C8-96ED-4CFB-9953-99139FABCE35", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "7F978162-CB2C-4166-947A-9048C6E878BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "CE004F32-F4DA-45A8-AD11-8924C4F1076A", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "90D4D479-0294-4F31-B719-8544C8DC4554", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "E0B58B00-92A6-4033-B53A-839A4BDDF30F", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "44AA1B51-8A24-48F0-B16F-803D69698707", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "822A3C37-86F2-4E91-BE91-2A859F983941", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", matchCriteriaId: "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "5B956113-5B3B-436D-858B-8F29FB304364", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC5F424-119D-4C66-8251-E735EEFBC0BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "C1933509-1BEA-45DA-B6AF-2713B432B1F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "4DA1BF68-635B-4577-B3F7-DEBC39567C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "3B202AEF-1197-441B-8EA1-2913BFD8A545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "889916ED-5EB2-49D6-8400-E6DBBD6C287F", versionEndIncluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*", matchCriteriaId: "6DFFDFD4-0D11-4F63-A0AD-A0C65A067912", versionEndExcluding: "21.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*", matchCriteriaId: "EE6B6243-9FE9-432B-B5A8-20E515E06A93", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "01E3B232-073E-433B-977A-1742B75109B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F6FDC33-D57E-4C6A-B633-BFC587147037", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F3B01572-9D32-44B2-8FCF-C282C887DB51", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1", versionEndExcluding: "21.1.1.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:21.1.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AF7F55C1-2114-4D22-B696-6E20337E52FF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "CB85582D-0106-47F1-894F-0BC4FF0B5462", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).", }, { lang: "es", value: "Una vulnerabilidad en el componente Advanced Networking Option de Oracle Database Server. Las versiones compatibles que están afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de Oracle Net comprometer a advanced Networking Option. Los ataques con éxito requieren una interacción humana de una persona diferente del atacante y, mientras la vulnerabilidad se encuentra en Advanced Networking Option, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Advanced Networking Option. Nota: La actualización de parches críticos de julio de 2021 introduce una serie de cambios en el Cifrado de Red Nativo para hacer frente a la vulnerabilidad (CVE-2021-2351 y prevenir el uso de cifrados más débiles. Los clientes deben revisar: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Puntuación Base 8.3 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)", }, ], id: "CVE-2021-2351", lastModified: "2024-11-21T06:02:56.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 6, source: "secalert_us@oracle.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-21T15:15:21.827", references: [ { source: "secalert_us@oracle.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { source: "secalert_us@oracle.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { source: "secalert_us@oracle.com", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Dec/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-24 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxml2 | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| netapp | active_iq_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | clustered_data_ontap_antivirus_connector | - | |
| netapp | manageability_software_development_kit | - | |
| netapp | ontap_select_deploy_administration_utility | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| siemens | sinema_remote_connect_server | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "C8DDEBA0-C678-4B4D-B152-A83FBAA77A6F", versionEndExcluding: "2.9.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F65F9901-F4BD-4484-9749-D5022245D686", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.", }, { lang: "es", value: "La función xmlParseBalancedChunkMemoryRecover en el archivo parser.c en libxml2 versiones anteriores a 2.9.10, presenta una pérdida de memoria relacionada con newDoc-)oldNs.", }, ], id: "CVE-2019-19956", lastModified: "2024-11-21T04:35:44.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-24T16:15:11.450", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200114-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4274-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200114-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4274-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-14 20:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| dell | bsafe_crypto-c | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "E1E74A2F-4075-428D-A6E5-FE9387EB59CB", versionEndExcluding: "4.1.6", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*", matchCriteriaId: "34E7C1D1-796B-4FDD-A619-5DD75032FEBB", versionEndExcluding: "4.0.5.3", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anteriores a la 4.0.5.3 (en las 4.0.x), contienen una vulnerabilidad de sobrelectura de búfer al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar este problema.", }, ], id: "CVE-2018-11058", lastModified: "2024-11-21T03:42:35.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-14T20:29:00.307", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108106", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-08 15:15
Modified
2024-11-21 04:18
Severity ?
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*", matchCriteriaId: "552F082C-38E5-49A9-A451-71B6ECAF21B2", versionEndExcluding: "6.0.18", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*", matchCriteriaId: "A82A1C19-F8AE-4DA9-891D-247F07D57605", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*", matchCriteriaId: "E38B943A-B167-4EAD-9308-47FF525BE57A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*", matchCriteriaId: "6766965C-2991-4559-975B-9E864DF8F10D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*", matchCriteriaId: "E6CD7403-23C7-488F-84EC-1F0C675E87D3", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*", matchCriteriaId: "A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*", matchCriteriaId: "EEB7C69E-FA13-43AB-89AD-FE1E4687E02A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", matchCriteriaId: "077732DB-F5F3-4E9C-9AC0-8142AB85B32F", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*", matchCriteriaId: "2BF03A52-4068-47EA-8846-1E5FB708CE1A", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", matchCriteriaId: "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*", matchCriteriaId: "ADB40F59-CAAE-47D6-850C-12619D8D5B34", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*", matchCriteriaId: "341E6313-20D5-44CB-9719-B20585DC5AD6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", matchCriteriaId: "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", matchCriteriaId: "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*", matchCriteriaId: "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "DC01D8F3-291A-44E5-99C1-6771F6656E0E", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", matchCriteriaId: "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A287FA5D-D7D9-40B4-8DB2-1D7CE1808408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "20EB3430-0FF2-4668-BB20-A5611ACC73F6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", matchCriteriaId: "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", matchCriteriaId: "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "432BFCF5-A5DC-487C-A111-DE70AB3FCDAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*", matchCriteriaId: "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "06480458-3216-4C42-9270-F68A41EEC147", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "480BF1CB-11D7-4D86-A99E-960F316F2E1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*", matchCriteriaId: "BB124AD9-8000-449B-8219-0FF011F86B03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F84E5662-0289-4ED5-A112-BC506508216C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "AD312681-73A4-4B21-BDE8-50DED7E3E0CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "E67940FD-3BA7-40A8-8E40-44B37D23E2DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "EE6EB4DE-33DA-4810-96BD-29C82B433714", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*", matchCriteriaId: "0C446826-EF5B-4937-ADB4-1102F9F39304", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F7FCB446-49A7-48B9-8808-E72A4E2E48C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9E9B2F53-257E-49E2-83C3-0840BDB4D67C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "6CF34B1B-0FC0-4EA6-830D-D2191337D451", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "09B79608-5D94-45C3-ADF0-B181B92C3014", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*", matchCriteriaId: "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*", matchCriteriaId: "25193811-46CE-4A0E-B22D-67BE99FAD450", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*", matchCriteriaId: "869D51B3-FB50-4BD6-8A0C-D0984267525F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*", matchCriteriaId: "08B8F413-2000-493B-82B1-BEFE343BB8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*", matchCriteriaId: "042269E6-D3B4-4867-86FA-9301FACA9FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*", matchCriteriaId: "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*", matchCriteriaId: "86F03B63-F922-45CD-A7D1-326DB0042875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*", matchCriteriaId: "7CBFC93F-8B39-45A2-981C-59B187169BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0843465C-F940-4FFC-998D-9A2668B75EA0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "1F834ACC-D65B-4CA3-91F1-415CBC6077E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*", matchCriteriaId: "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*", matchCriteriaId: "BBE7BF09-B89C-4590-821E-6C0587E096B5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*", matchCriteriaId: "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*", matchCriteriaId: "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*", matchCriteriaId: "18127694-109C-4E7E-AE79-0BA351849291", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*", matchCriteriaId: "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*", matchCriteriaId: "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "473749BD-267E-480F-8E7F-C762702DB66E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", matchCriteriaId: "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "320D36DA-D99F-4149-B582-3F4AB2F41A1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*", matchCriteriaId: "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6", versionEndIncluding: "2.4.0", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*", matchCriteriaId: "5E502A46-BAF4-4558-BC8F-9F014A2FB26A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "C542DC5E-6657-4178-9C69-46FD3C187D56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "6D0F559E-0790-461B-ACED-5B00F4D40893", versionEndIncluding: "2.4.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "282150FF-C945-4A3E-8A80-E8757A8907EA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "5CD806C1-CC17-47BD-8BB0-9430C4253BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9DC56004-4497-4CDD-AE76-5E3DFAE170F0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "274A0CF5-41E8-42E0-9931-F7372A65B9C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*", matchCriteriaId: "BEF828F5-C666-40DA-98DD-CDF658D7090B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "BA8461A2-428C-4817-92A9-0C671545698D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B602F9E8-1580-436C-A26D-6E6F8121A583", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B2CEA84-0983-4C40-B923-99244ABCF32D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*", matchCriteriaId: "2FD798A8-38B7-42C1-9043-863D16CE7ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "2A3622F5-5976-4BBC-A147-FC8A6431EA79", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "F012E976-E219-46C2-8177-60ED859594BE", versionEndIncluding: "11.3.2", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*", matchCriteriaId: "787E2C1B-9BAD-4018-8495-E9BE75628BB8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "B0111372-B39F-4B3D-8136-44C2C1CFD12B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B465F237-0271-4389-8035-89C07A52350D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*", matchCriteriaId: "5A9E4125-B744-4A9D-BFE6-5D82939958FD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*", matchCriteriaId: "261212BD-125A-487F-97E8-A9587935DFE8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "4063FAD6-21D4-42C7-87C0-D299532E0982", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "98FB24DB-AF91-48D0-9CA5-C8250D183FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "868E7C46-7E45-4CFA-8A25-7CBFED912096", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "B6B6FE82-7BFA-481D-99D6-789B146CA18B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "5D423B62-8EFE-4EFD-A986-5F5ECE5B892F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "8E463039-5E48-4AA0-A42B-081053FA0111", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "4479F76A-4B67-41CC-98C7-C76B81050F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DAEB09CA-9352-43CD-AF66-92BE416E039C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*", matchCriteriaId: "45E5C9B0-AB25-4744-88E4-FD0C4A853001", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "0AB059F2-FEC4-4180-8A90-39965495055E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*", matchCriteriaId: "5A276784-877B-4A29-A8F1-70518A438A9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "59275C23-53C0-4890-A941-A71226B50CFB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", matchCriteriaId: "0535B116-57D6-4448-86A2-09BCE50894B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0172500D-DE51-44E0-91E8-C8F36617C1F8", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E99E7D49-AE53-4D16-AB24-EBEAAD084289", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F88A2F3-E201-4C68-8D11-0A5C76CDB071", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CBD877F8-E6EF-4314-AAC0-36F81F4908DF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3D7356B6-E197-4978-BF18-2CFD4D350A76", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "93BE4838-1144-4A6A-ABDB-F2766E64C91C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "1B54457C-8305-4F82-BE1E-DBA030A8E676", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C756C62B-E655-4770-8E85-B1995889E416", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93F65B4C-59D5-450A-9955-7FDA32252B0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A67AA54B-258D-4D09-9ACB-4085E0B3E585", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", matchCriteriaId: "A6BD600E-F3E9-40CE-9414-1D4506ACC1D8", versionEndIncluding: "8.5.1.0", versionStartIncluding: "8.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", matchCriteriaId: "95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0", versionEndIncluding: "16.4", versionStartIncluding: "16.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C4A94B36-479F-48F2-9B9E-ACEA2589EF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*", matchCriteriaId: "46E23F2E-6733-45AF-9BD9-1A600BD278C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", matchCriteriaId: "E812639B-EE28-4C68-9F6F-70C8BF981C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "E1214FDF-357A-4BB9-BADE-50FB2BD16D10", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", matchCriteriaId: "64BCB9E3-883D-4C1F-9785-2E182BA47B5B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", matchCriteriaId: "26940103-F37C-4FBD-BDFD-528A497209D6", versionEndIncluding: "12.0.4.0.0", versionStartIncluding: "12.0.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", matchCriteriaId: "B21E6EEF-2AB7-4E96-B092-1F49D11B4175", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A23B00C1-878A-4B55-B87B-EFFFA6A5E622", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*", matchCriteriaId: "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*", matchCriteriaId: "F545DFC9-F331-4E1D-BACB-3D26873E5858", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "B98BAEB2-A540-4E8A-A946-C4331B913AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "B8FBE260-E306-4215-80C0-D2D27CA43E0F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D7B49D71-6A31-497A-B6A9-06E84F086E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*", matchCriteriaId: "E6235EAE-47DD-4292-9941-6FF8D0A83843", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", matchCriteriaId: "062E4E7C-55BB-46F3-8B61-5A663B565891", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", matchCriteriaId: "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", matchCriteriaId: "C05190B9-237F-4E2E-91EA-DB1B738864AD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "9C416FD3-2E2F-4BBC-BD5F-F896825883F4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", matchCriteriaId: "D886339E-EDB2-4879-BD54-1800E4CA9CAE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "539DA24F-E3E0-4455-84C6-A9D96CD601B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6814B606-D054-433C-A46E-0F6E338E1C46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: "1F05AF4B-A747-4314-95AE-F8495479AB3E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9FADE563-5AAA-42FF-B43F-35B20A2386C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", matchCriteriaId: "B2204841-585F-40C7-A1D9-C34E612808CA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*", matchCriteriaId: "BDB96A21-161F-42A9-9402-FABEC9C0C15A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*", matchCriteriaId: "132DE874-6E47-452A-9FDD-27D5A41F046E", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", matchCriteriaId: "135D531C-A692-4BE3-AB8C-37BB0D35559A", versionEndIncluding: "12.6.4", versionStartIncluding: "12.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*", matchCriteriaId: "7E6DF81E-E392-49E5-ADF4-510A3737A5CE", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*", matchCriteriaId: "4BE83BC6-5A6F-40A1-AAC7-314A575D8E07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "36CF85A9-2C29-46E7-961E-8ADD0B5822CF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "E80555C7-DA1C-472C-9467-19554DCE4476", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*", matchCriteriaId: "7015A8CB-8FA6-423E-8307-BD903244F517", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*", matchCriteriaId: "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "C78A7E07-AB08-46C5-942D-B40BBE0C0D06", versionEndExcluding: "11.1.2.4.47", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", matchCriteriaId: "3197F464-F0A5-4BD4-9068-65CD448D8F4C", versionEndExcluding: "21.3", versionStartIncluding: "21.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*", matchCriteriaId: "809FD6D6-D05D-4387-A725-F707015DEFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*", matchCriteriaId: "A093A76C-4B2C-4FAD-BFDF-09862F831102", versionEndExcluding: "11.1.2.4.47", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*", matchCriteriaId: "1A1277A9-C49C-4840-A118-986C10A07657", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*", matchCriteriaId: "03B9F810-EF80-4551-BA6D-027B0B2A787D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "435FDFA1-BF6A-499D-BDB6-88A26648DFD5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "AB3F3F63-9543-4568-BCB1-1CAF88384142", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "FC0C4CA4-1694-474E-8272-CF96E168D962", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "93E953D0-9C0C-4B03-9939-384A1F7E2BC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*", matchCriteriaId: "767CC73D-2771-4BBC-9D74-4416AEC6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*", matchCriteriaId: "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*", matchCriteriaId: "DAE3EA23-045D-474C-ABD8-916930D4E9E7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*", matchCriteriaId: "0E8FD060-E9A8-499C-87B0-AF7BBED7771F", versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*", matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*", matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", matchCriteriaId: "524429D6-8AF1-4713-A9B8-678B50A3762F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*", matchCriteriaId: "ED21B958-0FD0-4697-9CE2-266DEE4E29DC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6762F207-93C7-4363-B2F9-7A7C6F8AF993", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1B74B912-152D-4F38-9FC1-741D6D0B27FC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "2177A5E9-B260-499E-8D60-920679518425", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6329B1A2-75A8-4909-B4FB-77AC7232B6ED", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "EA86EF7E-6162-4244-9C88-7AF5CAB787E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "DE5EA810-3110-4343-9054-0FCFCD608C25", versionEndExcluding: "12.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C", versionEndExcluding: "19.1.0.0.220118", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*", matchCriteriaId: "71050E24-6915-4B5E-98ED-AFAA6C2FF38B", versionEndExcluding: "21.5.0.0.220118", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E7BE0590-31BD-4FCD-B50E-A5F86196F99E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*", matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*", matchCriteriaId: "29312DB7-AFD2-459E-A166-95437ABED12C", versionEndExcluding: "21.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*", matchCriteriaId: "AB8797ED-52E7-47B6-9F78-E2402671CCAC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97C10FBE-FD9A-4739-9303-5B6FC7551D66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "CF45C905-9EFF-4108-9B70-9FFDDD6627A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "66C673C4-A825-46C0-816B-103E1C058D03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "BA92E70A-2249-4144-B0B8-35501159ADB3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "F88FB6C5-D797-4017-A285-D3BB24B55429", versionEndIncluding: "7.3.0.2", versionStartIncluding: "7.3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "D747A956-40A6-47D8-A813-FA4E13CB557F", versionEndIncluding: "8.0.2", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E67501BE-206A-49FD-8CBA-22935DF917F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "6F04B1BA-EA84-4AA3-B208-DECC33E192EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "523391D8-CB84-4EBD-B337-6A99F52E537F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*", matchCriteriaId: "05F5B430-8BA1-4865-93B5-0DE89F424B53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*", matchCriteriaId: "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*", matchCriteriaId: "CBDA65DE-5727-49DC-8D50-DA81DB3E8841", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*", matchCriteriaId: "A577DCD3-6730-441A-B3BD-6199483FB1E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*", matchCriteriaId: "577A07A9-DBB1-49E6-B2CC-60B917097472", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*", matchCriteriaId: "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*", matchCriteriaId: "AD7E9060-BA5B-4682-AC0D-EE5105AD0332", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*", matchCriteriaId: "49706536-CE9B-4713-8460-CC961B50C341", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F77F79-5E93-4FC2-84F2-26AF52B4C08A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*", matchCriteriaId: "781049BF-3467-4DB5-89D4-6A76984E0261", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*", matchCriteriaId: "058F9FC3-CA81-43BF-B083-DA8BE388E00A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*", matchCriteriaId: "52C13DE5-CA3C-414F-8813-BB0847433151", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", matchCriteriaId: "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", matchCriteriaId: "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", matchCriteriaId: "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "BD4EE554-DFE7-4C16-BC98-574DC97FC85C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "EE4160ED-75F2-4499-AC6C-90CD092A46E1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "2F03BFDA-6904-42D7-8170-D6FD143BB16C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "C85900AC-11DA-4FA8-A1E0-270240BF4B0E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*", matchCriteriaId: "87B4051B-EB98-4D10-99D9-F15B44DBC7F0", versionEndIncluding: "5.6.0", versionStartIncluding: "5.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "428D2B1D-CFFD-49D1-BC05-2D85D22004DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "00C9E689-ED91-4A9D-B9C0-5BF4EC131409", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*", matchCriteriaId: "7EFA1879-0BF9-4493-9145-15100BC38C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EF958C28-4289-4433-8CD9-B6551F01926F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*", matchCriteriaId: "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", matchCriteriaId: "5DEAB5CD-4223-4A43-AB9E-486113827A6C", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", matchCriteriaId: "9A94F93C-5828-4D78-9C48-20AC17E72B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F3E25293-CB03-44CE-A8ED-04B3A0487A6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E2B51896-E4DA-4FDA-979F-481FFB3E588A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*", matchCriteriaId: "9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*", matchCriteriaId: "D63E2911-7DA8-41AC-AB7A-1AA29076F69F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*", matchCriteriaId: "674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "65D65139-BB80-4713-8E59-6CA1116DCC1D", versionEndExcluding: "9.2.6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*", matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A2E3E923-E2AD-400D-A618-26ADF7F841A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "9AB58D27-37F2-4A32-B786-3490024290A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC", versionEndExcluding: "7.4.34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "00D3ECDE-287B-4336-898A-0DFEBE2AB6C3", versionEndExcluding: "7.5.24", versionStartIncluding: "7.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "105CBFD5-20DF-4BF0-9629-B87AF404E33D", versionEndExcluding: "7.6.20", versionStartIncluding: "7.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", matchCriteriaId: "E248F8CE-5B39-457D-A47E-620858340840", versionEndExcluding: "8.0.27", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD", versionEndExcluding: "8.0.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*", matchCriteriaId: "9E1912FB-8ABF-4640-92E7-367A4923267C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "2C9E5736-6015-499E-A452-227DCFB87DA7", versionEndExcluding: "5.7.36", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F2B0D740-75B1-4953-A99F-965F999FDC64", versionEndExcluding: "8.0.27", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*", matchCriteriaId: "A3F3390B-4081-473F-A5E0-B5E3A3888F04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "3C56CECB-6B97-406C-8761-8B7F74CA7DEF", versionEndExcluding: "8.0.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "7167D144-C4AE-487F-B59A-888E10EA59DF", versionEndExcluding: "21.1.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B", versionEndExcluding: "2.12.42", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E4859861-C2EC-489F-A3B7-ACF85C709C24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*", matchCriteriaId: "247C0D05-C76B-44BC-8750-C716FF980D70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "E2CB2872-747C-47AC-8463-DD759BF105B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "1DBC53C9-75EC-46F7-907D-63BB74864CD6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*", matchCriteriaId: "D370F2E3-EF8A-440C-8319-D52FA3431428", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*", matchCriteriaId: "F47057A9-2DDE-4178-B140-F7D70EAED8F6", versionEndIncluding: "12.2.24", versionStartIncluding: "12.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*", matchCriteriaId: "9D8B3B57-73D6-4402-987F-8AE723D52F94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "FA9948AB-0CA6-4148-949C-E500466B45F5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "56D17905-5E69-4BD5-973B-30662AC3D678", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "70E72A74-F6A9-48EE-9279-3D9E53C2EC30", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*", matchCriteriaId: "F14C6AB5-CC45-4753-A60F-1F527B063127", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*", matchCriteriaId: "583BBDF1-DBE4-486D-ABF8-7D2B0408490A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*", matchCriteriaId: "C9810151-6F80-48FD-A51E-F063EB2B7324", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A621A5AE-6974-4BA5-B1AC-7130A46F68F5", versionEndIncluding: "18.8.13", versionStartIncluding: "18.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4096281D-2EBA-490D-8180-3C9D05EB890A", versionEndIncluding: "19.12.12", versionStartIncluding: "19.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*", matchCriteriaId: "15F45363-236B-4040-8AE4-C6C0E204EDBA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DAB9BA0D-7149-4221-A5AE-D4664E11C86F", versionEndIncluding: "17.12.0.0-17.12.20.0", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "CFE4EAC8-A743-4658-AD72-088A5E747180", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981", versionEndIncluding: "19.12.18.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "651104CE-0569-4E6D-ACAB-AD2AC85084DD", versionEndIncluding: "20.12.12.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D89239-9142-46BD-846D-76A5A74A67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E867F5E0-48A0-4D84-A0CA-A428FB2264D4", versionEndIncluding: "17.12.20.0", versionStartIncluding: "17.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E", versionEndIncluding: "18.8.24.0", versionStartIncluding: "18.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "05848067-59FF-4C90-A8BA-D1E4311B3A82", versionEndIncluding: "19.12.17.0", versionStartIncluding: "19.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6AD8C8-96ED-4CFB-9953-99139FABCE35", versionEndIncluding: "20.12.9.0", versionStartIncluding: "20.12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F67F218D-E827-482B-8417-483713F31D69", versionEndIncluding: "18.0.3.0", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9", versionEndIncluding: "19.0.1.2", versionStartIncluding: "19.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "53B3B01A-532C-45B7-9BFC-19AABF55644B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "683ABA64-9F16-4C23-8AF3-BB0C19FED9B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*", matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*", matchCriteriaId: "CE004F32-F4DA-45A8-AD11-8924C4F1076A", versionEndIncluding: "12.2.11", versionStartIncluding: "12.2.6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*", matchCriteriaId: "12F5FDCF-EA13-44F1-B3D8-94310CD3841C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "51E83F05-B691-4450-BCA9-32209AEC4F6A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "288235F9-2F9E-469A-BE14-9089D0782875", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6672F9C1-DA04-47F1-B699-C171511ACE38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "11E57939-A543-44F7-942A-88690E39EABA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "90D4D479-0294-4F31-B719-8544C8DC4554", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48C9BD8E-7214-4B44-B549-6F11B3EA8A04", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "F0735989-13BD-40B3-B954-AC0529C5B53D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", matchCriteriaId: "58405263-E84C-4071-BB23-165D49034A00", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*", matchCriteriaId: "08DF20EA-D1A6-4437-90F6-C0C40273CE5B", versionEndIncluding: "16.0.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", matchCriteriaId: "B92BB355-DB00-438E-84E5-8EC007009576", versionEndIncluding: "19.0", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F3796186-D3A7-4259-846B-165AD9CEB7F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*", matchCriteriaId: "CEDA5540-692D-47DA-9F68-83158D9AE628", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C5435583-C454-4AC9-8A35-D2D30EB252EE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A2140357-503A-4D2A-A099-CFA4DC649E41", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", matchCriteriaId: "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*", matchCriteriaId: "A5F6FD19-A314-4A1F-96CB-6DB1CED79430", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*", matchCriteriaId: "A921C710-1C59-429F-B985-67C0DBFD695E", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*", matchCriteriaId: "40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4EEF867A-587A-45E1-B2F6-0B903903F0F9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DFDF4CB0-4680-449A-8576-915721D59500", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A0472632-4104-4397-B619-C4E86A748465", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48E25E7C-F7E8-4739-8251-00ACD11C12FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", matchCriteriaId: "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", matchCriteriaId: "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*", matchCriteriaId: "C7BD0D41-1BED-4C4F-95C8-8987C98908DA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*", matchCriteriaId: "99B5DC78-1C24-4F2B-A254-D833FAF47013", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*", matchCriteriaId: "274999E6-18ED-46F0-8CF2-56374B3DF174", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*", matchCriteriaId: "9002379B-4FDA-44F3-98EB-0C9B6083E429", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*", matchCriteriaId: "476B038D-7F60-482D-87AD-B58BEA35558E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*", matchCriteriaId: "AB86C644-7B79-4F87-A06D-C178E8C2B8B4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", matchCriteriaId: "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3E1A9B0C-735A-40B4-901C-663CF5162E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "5B956113-5B3B-436D-858B-8F29FB304364", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*", matchCriteriaId: "E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", matchCriteriaId: "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DC456422-00B5-498E-A28E-EA834367D943", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", matchCriteriaId: "EFC5F424-119D-4C66-8251-E735EEFBC0BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", matchCriteriaId: "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*", matchCriteriaId: "0CE45891-A6A5-4699-90A6-6F49E60A7987", versionEndIncluding: "16.0.3", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "054F9E62-A6D6-4850-83AD-3628C74A4384", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "E702EBED-DB39-4084-84B1-258BC5FE7545", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "3F7956BF-D5B6-484B-999C-36B45CD8B75B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0D14A54A-4B04-41DE-B731-844D8AC3BE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9DA6B655-A445-42E5-B6D9-70AB1C04774A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "74ACC94B-4A9F-451D-B639-6008A108BDDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", matchCriteriaId: "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", matchCriteriaId: "48EFC111-B01B-4C34-87E4-D6B2C40C0122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", matchCriteriaId: "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", matchCriteriaId: "667A06DE-E173-406F-94DA-1FE64BCFAE18", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*", matchCriteriaId: "6CA63BB4-27A9-4B26-B01C-1F527C7B9454", versionEndExcluding: "21.12", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*", matchCriteriaId: "D926BD38-E66E-41DA-9F65-40D68F8D8890", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*", matchCriteriaId: "01E3B232-073E-433B-977A-1742B75109B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*", matchCriteriaId: "6F6FDC33-D57E-4C6A-B633-BFC587147037", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F3B01572-9D32-44B2-8FCF-C282C887DB51", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "513AE97F-161C-43D2-B2D1-653125A9E920", versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "34656ECE-15CB-495C-8573-7C98B383F15B", versionEndExcluding: "21.1.1.1.0", versionStartIncluding: "21.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "51309958-121D-4649-AB9A-EBFA3A49F7CB", versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", matchCriteriaId: "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C5B4C338-11E1-4235-9D5A-960B2711AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "8C93F84E-9680-44EF-8656-D27440B51698", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", matchCriteriaId: "91A2A4B0-88FC-41D1-8719-4FAABED19F8E", versionEndExcluding: "6.1.32", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D6A4F71A-4269-40FC-8F61-1D1301F2B728", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5A502118-5B2B-47AE-82EC-1999BD841103", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C93CC705-1F8C-4870-99E6-14BF264C3811", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*", matchCriteriaId: "CB85582D-0106-47F1-894F-0BC4FF0B5462", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", matchCriteriaId: "7569C0BD-16C1-441E-BAEB-840C94BE73EF", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", matchCriteriaId: "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", matchCriteriaId: "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4DB505EC-A54C-4033-B3A6-24CEF87A855D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*", matchCriteriaId: "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D4A48DA6-C5A5-4B3D-B43B-31380223A55A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*", matchCriteriaId: "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BB27AABE-079B-4DF0-ABEF-0D3329685B1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*", matchCriteriaId: "529D4274-F33B-47C7-A3FB-6F86096FD955", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6D2D622F-E345-4A4D-861F-6460DF56880C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*", matchCriteriaId: "A534E662-66B7-448B-A763-6B043112C877", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FCBEE0C8-CC99-4A25-9342-208D4DB91AAD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*", matchCriteriaId: "95541D18-5C33-49E9-924D-0B21162EC2C4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "CE5C60CD-F890-4E3F-A2C3-9153591E7647", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*", matchCriteriaId: "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.", }, { lang: "es", value: "Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS.", }, ], id: "CVE-2019-10219", lastModified: "2024-11-21T04:18:40.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "secalert@redhat.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-08T15:15:11.157", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0159", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2020:0445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220210-0024/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-21 23:15
Modified
2024-11-21 05:37
Severity ?
Summary
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*", matchCriteriaId: "F5046B03-34DE-4574-AFDB-E0B2A8022E72", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F65F9901-F4BD-4484-9749-D5022245D686", versionEndExcluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "1F48ACED-5496-4AF1-86AF-63AA4D7C3C86", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "CDDF61B7-EC5C-467C-B710-B89F502CD04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", }, { lang: "es", value: "La función xmlStringLenDecodeEntities en el archivo parser.c en libxml2 versión 2.9.10, presenta un bucle infinito en una determinada situación de fin del archivo.", }, ], id: "CVE-2020-7595", lastModified: "2024-11-21T05:37:26.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-21T23:15:13.867", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202010-04", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4274-1/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202010-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4274-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-19 14:15
Modified
2024-11-21 06:21
Severity ?
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "208AF535-5D38-45B4-B227-2892611C5A20", versionEndExcluding: "2.9.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569", versionEndIncluding: "11.70.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.", }, { lang: "es", value: "Se presenta un fallo en la funcionalidad xml entity encoding de libxml2 en versiones anteriores a 2.9.11. Un atacante que sea capaz de proporcionar un archivo diseñado para que sea procesado por una aplicación vinculada con la funcionalidad afectada de libxml2 podría desencadenar una lectura fuera de los límites. El impacto más probable de este fallo es la disponibilidad de la aplicación, con algún impacto potencial en la confidencialidad e integridad si un atacante puede usar la información de la memoria para explotar aún más la aplicación", }, ], id: "CVE-2021-3517", lastModified: "2024-11-21T06:21:44.107", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-19T14:15:07.553", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211022-0004/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211022-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "secalert@redhat.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como ataque Bleichenbacher sobre descifrado RSA. Un atacante remoto podría ser capaz de recuperar una clave RSA.", }, ], id: "CVE-2018-11057", lastModified: "2024-11-21T03:42:35.243", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.653", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-04 00:15
Modified
2024-11-21 05:16
Severity ?
Summary
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxml2 | 2.9.10 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| netapp | active_iq_unified_manager | * | |
| netapp | active_iq_unified_manager | * | |
| netapp | clustered_data_ontap | - | |
| netapp | clustered_data_ontap_antivirus_connector | - | |
| netapp | inventory_collect_tool | - | |
| netapp | manageability_software_development_kit | - | |
| netapp | snapdrive | - | |
| netapp | snapdrive | - | |
| netapp | hci_h410c_firmware | - | |
| netapp | hci_h410c | - | |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | 1.10.0 | |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | |
| oracle | enterprise_manager_base_platform | 13.5.0.0 | |
| oracle | enterprise_manager_ops_center | 12.4.0.0 | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | mysql_workbench | * | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | real_user_experience_insight | 13.4.1.0 | |
| oracle | real_user_experience_insight | 13.5.1.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*", matchCriteriaId: "F5046B03-34DE-4574-AFDB-E0B2A8022E72", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:inventory_collect_tool:-:*:*:*:*:*:*:*", matchCriteriaId: "A2C13438-3C64-40A6-AA0D-327CB722888D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", matchCriteriaId: "61D7EF01-F618-497F-9375-8003CEA3D380", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.", }, { lang: "es", value: "El proyecto de GNOME libxml2 v2.9.10 tiene una vulnerabilidad de sobre lectura del buffer global en xmlEncodeEntitiesInternal en libxml2/entities.c. El problema ha sido corregido en el commit 50f06b3e", }, ], id: "CVE-2020-24977", lastModified: "2024-11-21T05:16:15.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-04T00:15:10.693", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200924-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-16 21:29
Modified
2024-11-21 03:51
Severity ?
Summary
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "F72D69C9-BBFA-43CC-A094-596361593D16", versionEndExcluding: "4.1.6.2", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anteriores a la 4.1.6.2 (en la serie 4.1.x) contiene un problema de error de gestión clave. Un servidor TLS malicioso podría provocar una denegación de servicio (DoS) en los clientes TLS durante la negociación cuando un valor primo muy grande se envía al cliente TLS y se emplea una suite de cifrado Diffie-Hellman Ephemeral o Anonymous (DHE o ADH).", }, ], id: "CVE-2018-15769", lastModified: "2024-11-21T03:51:26.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-16T21:29:00.470", references: [ { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/105929", }, { source: "security_alert@emc.com", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1042057", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/105929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securitytracker.com/id/1042057", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/fulldisclosure/2018/Nov/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe_crypto-c | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c:*:*:*:*:micro:*:*:*", matchCriteriaId: "34E7C1D1-796B-4FDD-A619-5DD75032FEBB", versionEndExcluding: "4.0.5.3", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anteriores a la 4.0.5.3 (en las 4.0.x) contiene una vulnerabilidad de consumo de recursos no controlado (\"Resource Exhaustion\") al analizar datos ASN.1. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa que agotarían la pila, pudiendo provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-11056", lastModified: "2024-11-21T03:42:35.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.530", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | * | |
| dell | bsafe | * | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.0 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3.0 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "3F58C7A1-2DC4-4971-BCB5-1F7D4A152519", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe:*:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "1DF1347A-3AFB-40CC-B1AD-F2DAC90502D1", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DE48E0FE-5931-441C-B4FF-253BD9C48186", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DA0527-562D-457F-A2BB-3DF5EAABA1AB", versionEndExcluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x), contiene una vulnerabilidad de limpieza indebida de memoria dinámica (heap) antes de liberarla (\"Heap Inspection\"). Los datos PKCS #12 descifrados en la memoria dinámica no se convierten a cero por MES antes de liberar la memoria internamente. Un usuario local malicioso podría obtener acceso a los datos no autorizados mediante la inspección del heap.", }, ], id: "CVE-2018-11055", lastModified: "2024-11-21T03:42:34.767", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.403", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-404", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-18 12:15
Modified
2024-11-21 06:21
Severity ?
Summary
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "208AF535-5D38-45B4-B227-2892611C5A20", versionEndExcluding: "2.9.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.", }, { lang: "es", value: "Se presenta un fallo en libxml2 en versiones anteriores a 2.9.11. Un atacante que pueda enviar un archivo diseñado para que sea procesado por una aplicación vinculada con libxml2 podría desencadenar un uso de la memoria previamente liberada. El mayor impacto de este fallo es a la confidencialidad, integridad y disponibilidad", }, ], id: "CVE-2021-3518", lastModified: "2024-11-21T06:21:44.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-18T12:15:08.043", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/54", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/55", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/58", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/59", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212601", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212602", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212604", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212605", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/54", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/55", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/58", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2021/Jul/59", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT212605", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-14 20:15
Modified
2024-11-21 06:21
Severity ?
Summary
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "208AF535-5D38-45B4-B227-2892611C5A20", versionEndExcluding: "2.9.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", matchCriteriaId: "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", matchCriteriaId: "D39DCAE7-494F-40B2-867F-6C6A077939DD", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "08C564D8-E21F-403C-B4BB-7B14B7FB5DAE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*", matchCriteriaId: "8532F5F0-00A1-4FA9-A80B-09E46D03F74F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.", }, { lang: "es", value: "Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una desreferencia de NULL. Si un documento XML que no es confiable fue analizado en modo de recuperación y pos-comprobado, el fallo podría usarse para bloquear la aplicación. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema", }, ], id: "CVE-2021-3537", lastModified: "2024-11-21T06:21:47.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-14T20:15:16.553", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210625-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-31 18:29
Modified
2024-11-21 03:42
Severity ?
Summary
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe | 4.1.6 | |
| oracle | application_testing_suite | 13.3.0.1 | |
| oracle | communications_analytics | 12.1.1 | |
| oracle | communications_ip_service_activator | 7.3.4 | |
| oracle | communications_ip_service_activator | 7.4.0 | |
| oracle | core_rdbms | 11.2.0.4 | |
| oracle | core_rdbms | 12.1.0.2 | |
| oracle | core_rdbms | 12.2.0.1 | |
| oracle | core_rdbms | 18c | |
| oracle | core_rdbms | 19c | |
| oracle | enterprise_manager_ops_center | 12.3.3 | |
| oracle | enterprise_manager_ops_center | 12.4.0 | |
| oracle | goldengate_application_adapters | 12.3.2.1.0 | |
| oracle | jd_edwards_enterpriseone_tools | 9.2 | |
| oracle | real_user_experience_insight | 13.1.2.1 | |
| oracle | real_user_experience_insight | 13.2.3.1 | |
| oracle | real_user_experience_insight | 13.3.1.0 | |
| oracle | retail_predictive_application_server | 15.0.3 | |
| oracle | retail_predictive_application_server | 16.0.3 | |
| oracle | security_service | 11.1.1.9.0 | |
| oracle | security_service | 12.1.3.0.0 | |
| oracle | security_service | 12.2.1.2.0 | |
| oracle | timesten_in-memory_database | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe:4.1.6:*:*:*:micro_edition_suite:*:*:*", matchCriteriaId: "F82A961E-9004-4F29-8346-496CDAC5F2FC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A125E817-F974-4509-872C-B71933F42AD1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", matchCriteriaId: "55D98C27-734F-490B-92D5-251805C841B9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.4:*:*:*:*:*:*:*", matchCriteriaId: "BDB13348-C8CA-4E71-9DC6-091B09D52E96", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", matchCriteriaId: "DE7A60DB-A287-4E61-8131-B6314007191B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:11.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E1367C5D-8815-41E6-B609-E855CB8B1AA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7E150F02-5B34-4496-A024-335DF64D7F8F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:12.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4059F859-A7D8-4ADD-93EE-74AF082ED34A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:18c:*:*:*:*:*:*:*", matchCriteriaId: "C9FFAF8E-4023-4599-9F0D-274E6517CB1B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:core_rdbms:19c:*:*:*:*:*:*:*", matchCriteriaId: "9B639209-A651-43FB-8F0C-B25F605521EC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F6F259E6-10A8-4207-8FC2-85ABD70B04C0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "0B1BE63E-7E2E-407C-92F3-664D7C5680C8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "F4044230-5BF5-4B13-A853-E59D5592ADC6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", matchCriteriaId: "24A3C819-5151-4543-A5C6-998C9387C8A2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "4FB98961-8C99-4490-A6B8-9A5158784F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "008518E5-4814-46AA-B9E7-A3B2635D6D4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "495ADD0F-AF15-495D-8E07-171CCF71DBD3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "159F3C77-88C9-40B4-8FD2-70C8C208F95A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", matchCriteriaId: "EF096355-CD16-4F20-8E2D-1297BE6BC560", versionEndIncluding: "18.1.4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.", }, { lang: "es", value: "RSA BSAFE Micro Edition Suite, en su versión 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar una denegación de servicio (DoS).", }, ], id: "CVE-2018-11054", lastModified: "2024-11-21T03:42:34.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-31T18:29:00.263", references: [ { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Aug/46", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-21 23:15
Modified
2024-11-21 04:38
Severity ?
Summary
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*", matchCriteriaId: "F5046B03-34DE-4574-AFDB-E0B2A8022E72", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6770B6C3-732E-4E22-BF1C-2D2FD610061C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", matchCriteriaId: "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7FFF7106-ED78-49BA-9EC5-B889E3685D53", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", matchCriteriaId: "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "56409CEC-5A1E-4450-AA42-641E459CC2AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", matchCriteriaId: "B06F4839-D16A-4A61-9BB5-55B13F41E47F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "108A2215-50FB-4074-94CF-C130FA14566D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", matchCriteriaId: "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", matchCriteriaId: "803BC414-B250-4E3A-A478-A3881340D6B8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "0FEB3337-BFDE-462A-908B-176F92053CEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", matchCriteriaId: "736AEAE9-782B-4F71-9893-DED53367E102", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", matchCriteriaId: "8497A4C9-8474-4A62-8331-3FE862ED4098", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6E8758C8-87D3-450A-878B-86CE8C9FC140", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B095CC03-7077-4A58-AB25-CC5380CDCE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "EED6C8C2-F986-4CFD-A343-AD2340F850F2", versionEndIncluding: "8.0.26", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B534B112-9BA4-467B-A58B-D89C0A6EFA9C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CADD7026-EF85-40A5-8563-7A34C6941B1F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "58F019E8-F68D-41B5-9480-0A81616F2E7C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", }, { lang: "es", value: "La función xmlSchemaPreRun en el archivo xmlschemas.c en libxml2 versión 2.9.10, permite una pérdida de memoria de la función xmlSchemaValidateStream.", }, ], id: "CVE-2019-20388", lastModified: "2024-11-21T04:38:21.893", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-21T23:15:13.553", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202010-04", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202010-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20200702-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }