Vulnerabilities related to f5 - traffix_signaling_delivery_controller
Vulnerability from fkie_nvd
Published
2014-09-24 18:48
Modified
2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
References
Impacted products
{ cisaActionDue: "2022-07-28", cisaExploitAdd: "2022-01-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*", matchCriteriaId: "F4DBE402-1B0A-4854-ABE5-891321454C25", versionEndIncluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "DCA5A28D-79B6-4F3E-9C98-65D4DFAD8EE7", versionEndExcluding: "4.9.12", versionStartIncluding: "4.9.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B1DC7EF-C994-4252-9DFE-DCA63FB17AE0", versionEndExcluding: "4.10.9", versionStartIncluding: "4.10.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9056776F-03F6-4C3D-8635-37D66FD16EAA", versionEndExcluding: "4.11.11", versionStartIncluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "AFEE6963-F73F-4B71-B4F8-6E550FBDA5F6", versionEndExcluding: "4.12.9", versionStartIncluding: "4.12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8296875A-64FA-4592-848A-A923126BD8AF", versionEndExcluding: "4.13.9", versionStartIncluding: "4.13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "816A16AF-1F5E-483A-AA89-3022818FAE43", versionEndExcluding: "4.14.4f", versionStartIncluding: "4.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:4:*:*:*:*:*:*:*", matchCriteriaId: "F8421899-5D10-4C2B-88AA-3DA909FE3E67", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", matchCriteriaId: "62A2AC02-A933-4E51-810E-5D040B476B7B", vulnerable: true, }, { criteria: 
"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", matchCriteriaId: "BE8B7F1F-22F6-4B10-A6E5-DE44B1D2E649", versionEndExcluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:-:*:*:*:*:*:*", matchCriteriaId: "F407EA72-BA1A-41A2-B699-874304A638A5", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:build_0927:*:*:*:*:*:*", matchCriteriaId: "DDA25903-B334-438B-8196-B9E5119199D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", matchCriteriaId: "76F1E356-E019-47E8-AA5F-702DA93CF74E", vulnerable: true, }, { criteria: "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F805A106-9A6F-48E7-8582-D3C5A26DFC11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC489F35-07F1-4C3E-80B9-78F0689BC54B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:3.4:*:*:*:*:*:*:*", matchCriteriaId: "95CE35FC-266F-4025-A0B8-FB853C020800", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", 
matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "6252E88C-27FF-420D-A64A-C34124CF7E6A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "8A8E07B7-3739-4BEB-88F8-C7F62431E889", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:*:*:*:*:*:*:*", matchCriteriaId: "EC5537E1-1E8E-49C5-B4CB-A8E2EE3F5088", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "804DFF9F-BAA8-4239-835B-6182471A224F", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "9EE496C0-35F7-44DC-B3F0-71EA3A613C38", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:*:*:*:*:*:*:*", matchCriteriaId: "71179893-49F2-433C-A7AC-687075F9CC1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "1D4C43D8-02A5-4385-A89E-F265FEEC9E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "37ECC029-3D84-4DD7-B28B-E5AD5559CF94", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F4CBED2A-B6B0-420E-BC40-160930D8662E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "652F7BB0-A6EA-45D0-86D4-49F4CA6C3EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:*:*:*:*:*:*:*", matchCriteriaId: "29BBF1AC-F31F-4251-8054-0D89A8E6E990", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:*:*:*:*:*:*:*", matchCriteriaId: "C52A4A2F-6385-4E5F-B2C7-0EF7267546F6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "D8ED0658-5F8F-48F0-A605-A2205DA27DA5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: 
"C385DA76-4863-4D39-84D2-9D185D322365", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "188019BF-3700-4B3F-BFA5-553B2B545B7F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "9B8B2E32-B838-4E51-BAA2-764089D2A684", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "4319B943-7B19-468D-A160-5895F7F997A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", matchCriteriaId: "BB6ADFB8-210D-4E46-82A2-1C8705928382", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", matchCriteriaId: 
"92C9F1C4-55B0-426D-BB5E-01372C23AF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "AF83BB87-B203-48F9-9D06-48A5FE399050", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8821E5FE-319D-40AB-A515-D56C1893E6F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", matchCriteriaId: "74BCA435-7594-49E8-9BAE-9E02E129B6C0", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", matchCriteriaId: "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", matchCriteriaId: "35BBD83D-BDC7-4678-BE94-639F59281139", vulnerable: 
true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", matchCriteriaId: "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", matchCriteriaId: "1831D45A-EE6E-4220-8F8C-248B69520948", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:*:*:*:*:*:*:*", matchCriteriaId: "94C9C346-6DEC-4C72-9F59-BB3BEC42B551", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2071DABB-7102-47F2-A15F-A6C03607D01F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:*:*:*:*:*:*:*", matchCriteriaId: "A8661E86-E075-427F-8E05-7A33811A3A76", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: 
"BEFCC35D-1C83-4CA5-8B1D-9A637613AD7E", versionEndIncluding: "1.0.0.4", versionStartIncluding: "1.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "054736AF-96E0-491D-B824-CC4A35B76E14", versionEndIncluding: "1.1.0.4", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "575894EE-F13C-4D56-8B63-59A379F63BD2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E476AEB-AD38-4033-8426-DC502497D75A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C062C89-5DC2-46EE-A9D3-23E7539A5DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*", matchCriteriaId: "20981443-6A64-4852-B2CB-3299927C6F78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*", matchCriteriaId: "59761BB8-FCC7-4D15-88A8-82076CCF196F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-:*:*:*:*:*:*", matchCriteriaId: "CF399B2E-8413-4B80-A0C0-E61E8A0A8604", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1:*:*:*:*:*:*", matchCriteriaId: "230EBA53-66AF-432B-B4C1-08D8FC903B2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2:*:*:*:*:*:*", matchCriteriaId: "789F398A-5CB2-48F8-AF8F-05BF0A8E04B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3:*:*:*:*:*:*", matchCriteriaId: "EF102659-B067-473E-AA37-EA90A82D1864", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-:*:*:*:*:*:*", matchCriteriaId: 
"81DF915D-D764-4C21-B213-0ADFD844E9DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1:*:*:*:*:*:*", matchCriteriaId: "C29A4119-A992-4713-85D6-4FDED7CD416A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10:*:*:*:*:*:*", matchCriteriaId: "4CA59C9D-74C2-4AFC-B1D1-1BC305FD493B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11:*:*:*:*:*:*", matchCriteriaId: "5720A37E-1DB5-45BA-9FDE-0EAEFE1F2257", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12:*:*:*:*:*:*", matchCriteriaId: "F03006B7-037B-491F-A09F-DEB2FF076754", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13:*:*:*:*:*:*", matchCriteriaId: "FE78AED4-AD60-406C-82E0-BA52701B49BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2:*:*:*:*:*:*", matchCriteriaId: "3D0B71F0-CCED-4E23-989A-3E9E2D71307C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3:*:*:*:*:*:*", matchCriteriaId: "5CF8FC22-C556-451C-B928-F5AF8DF4BF45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4:*:*:*:*:*:*", matchCriteriaId: "081D3B14-45F6-4F96-944B-94D967FEFA26", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5:*:*:*:*:*:*", matchCriteriaId: "DE2C36B5-43F8-401B-B420-1FA5F13A4D6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6:*:*:*:*:*:*", matchCriteriaId: "D922DC5A-63F6-4188-BCDE-BB987402E47E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7:*:*:*:*:*:*", matchCriteriaId: "BFD5737C-AAE8-4C8D-BCFE-FFDF5DA4221C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8:*:*:*:*:*:*", matchCriteriaId: "C2BCC22C-A32B-4945-AFBC-777DBE248FB8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9:*:*:*:*:*:*", matchCriteriaId: "92F92890-63B0-4918-A147-8852B6E2FA8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*", matchCriteriaId: "8016ECD3-4417-47A8-9493-C9F9EDF5FAA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-:*:*:*:*:*:*", matchCriteriaId: "ED0B143A-5386-4375-AEB2-48619B2B1EF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1:*:*:*:*:*:*", matchCriteriaId: "E7ECA734-9E95-484F-B880-2491A0E2531B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2:*:*:*:*:*:*", matchCriteriaId: "5D7CD9E9-033C-44B8-A68C-47AC260873E1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3:*:*:*:*:*:*", matchCriteriaId: "07B660DC-A94F-48F0-A2F4-1C39CC4751A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-:*:*:*:*:*:*", matchCriteriaId: "44D355AE-A8C0-4D7B-87FE-5D4138B6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1:*:*:*:*:*:*", matchCriteriaId: "329C8551-98D1-4255-B598-9E75A071C186", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2:*:*:*:*:*:*", matchCriteriaId: "FD0687B7-F374-4368-AD9E-041123B23A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3:*:*:*:*:*:*", matchCriteriaId: "D0330E77-454E-4E77-9628-50681B748491", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-:*:*:*:*:*:*", 
matchCriteriaId: "3863726E-15AD-4A47-85CB-0C9965E76EF1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1:*:*:*:*:*:*", matchCriteriaId: "5C07D9DC-E6C1-4FB0-86F1-144FD51B08CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2:*:*:*:*:*:*", matchCriteriaId: "3105129C-8FE8-4BF0-8CB9-A7F3F7FE1107", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3:*:*:*:*:*:*", matchCriteriaId: "D1F35447-889F-4CE9-9473-87046B4707EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4:*:*:*:*:*:*", matchCriteriaId: "A3A5DFC0-BBD7-430C-A026-E1F34E08894D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-:*:*:*:*:*:*", matchCriteriaId: "141E8F6A-3998-4F22-A717-3F52BC998F97", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1:*:*:*:*:*:*", matchCriteriaId: "F09AA197-BB55-4CF0-AC29-4449C07DE510", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2:*:*:*:*:*:*", matchCriteriaId: "3E468E33-B183-4830-97E2-EAF9FD3758E9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3:*:*:*:*:*:*", matchCriteriaId: "738C8F2B-3D3E-4E1F-977A-05D3A39F115D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4:*:*:*:*:*:*", matchCriteriaId: "1ED03E83-909B-423F-81F2-34AB7F24BBE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-:*:*:*:*:*:*", matchCriteriaId: "9778E8AA-A034-4B04-A42E-6A182378C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1:*:*:*:*:*:*", matchCriteriaId: "AEE15598-4064-4E31-86BA-7851AA4B76C4", vulnerable: true, }, { 
criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2:*:*:*:*:*:*", matchCriteriaId: "59FE3789-FB47-4939-B9AA-86D203445526", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3:*:*:*:*:*:*", matchCriteriaId: "2F96389A-82B9-42DE-8E93-D2B2EE610F7A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4:*:*:*:*:*:*", matchCriteriaId: "3131CDA5-1C4D-489C-8788-FA396F8ADB2C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5:*:*:*:*:*:*", matchCriteriaId: "DCC7DF3E-658C-41D7-A4AC-433440A02092", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6:*:*:*:*:*:*", matchCriteriaId: "EEBB12B8-4EF6-42B9-9D28-A9CA129B0FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-:*:*:*:*:*:*", matchCriteriaId: "279C30FB-EA1C-4D1D-A37E-F1EEF79F19F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1:*:*:*:*:*:*", matchCriteriaId: "D6870C1E-E4A4-4666-89DB-D72C8100D27E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2:*:*:*:*:*:*", matchCriteriaId: "BE183CA0-FFBB-4746-8BBE-5D1910DD2100", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3:*:*:*:*:*:*", matchCriteriaId: "D04B5EBF-C94C-4A44-9A7E-75623CAF832C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4:*:*:*:*:*:*", matchCriteriaId: "5723FDF4-198B-488E-B075-F528EC6E4D18", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5:*:*:*:*:*:*", matchCriteriaId: "7E23A972-5BCA-4C7E-B6F9-AD54992861A2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6:*:*:*:*:*:*", matchCriteriaId: "1D00AFC9-8A9C-4BB1-9E60-BC6D552DC8E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-:*:*:*:*:*:*", matchCriteriaId: "BFE4D0FF-6445-4E14-9536-ADB32662B346", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "C7FC4FDA-1C8D-4D7A-B5EA-D905FA830805", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "753AA0F3-09F4-4E34-8E72-FAFD8BFE18EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "9AC763FD-C143-4CA3-9A24-D50C9ED243D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "299C6CBE-905F-4E59-AF2F-89A1CD767916", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "78538461-1B7E-4712-AA8D-D2EA3477635B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "E3FF46F1-EF19-49D7-9EDD-44441C1A3F94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "D9F91FB6-7D8F-4D89-B6BA-2C6DF15B9A51", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-:*:*:*:*:*:*", matchCriteriaId: "5725106C-A650-4C24-9636-1200BD44CCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1:*:*:*:*:*:*", matchCriteriaId: "F1501425-96F7-487B-9588-FDA2DAC3790A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2:*:*:*:*:*:*", 
matchCriteriaId: "48D95998-9434-4AFF-9983-0D7AC34176A3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3:*:*:*:*:*:*", matchCriteriaId: "D60BB309-860D-4D74-B08F-F94AFE84C881", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4:*:*:*:*:*:*", matchCriteriaId: "F63E864E-6323-41B4-956F-51F9364DFAE2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EC724282-7431-465E-8E60-4037121B8838", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "73151221-C102-4425-9316-1EE4CAAB6531", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "D1E9DDCD-6D22-4175-94EF-D8A5457E7355", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "35AB906F-43CD-4D54-8274-1FD551532E58", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1ADC75F0-B27E-4B15-B829-482FBA0063A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "D015D670-8AEA-49A3-8D22-9E3009322EB0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "C18F3CC3-9BCF-4DE8-B7CA-59587D5E61F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "E543BC0F-ADFB-4CF2-BC6C-90DC76BE3A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "28CE650B-BE03-4EDF-BE27-2FA6657F7A52", vulnerable: true, }, { 
criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "2356A4E6-561B-40CA-8348-B30D581B1E46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "74509F3F-840E-48B8-88B1-EA4FFB90ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "BE7BD528-628F-4CA9-9FE8-8A79BDC97680", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "26118C2B-78CC-4038-9DEA-7A9417029790", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "29EBC1DD-6949-4B12-8CA5-EE2BCDB8C4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "4F445D93-D482-4A74-810D-66D78CBCAFED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "2C9F200C-ECC9-4D51-AFE7-E99C16D09148", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "56B87CB5-0F77-4040-BB58-9DBF5723A4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:*:*:*:*:*:*:*", matchCriteriaId: "F4B3321B-11AD-43EB-867C-FA4FA6A5421E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:*:*:*:*:*:*:*", matchCriteriaId: "DFB104CA-55CD-4B9E-A2F7-CC06E57663CB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4975223D-9E31-4CEC-A4B6-C0996828B855", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: 
"22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C15C820B-4778-4B8F-8BD8-E996F1D4062D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "A42E70EE-2E23-4D92-ADE0-9177B9EDD430", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*", matchCriteriaId: "01C91446-4A36-4FCE-A973-3E6F813FABC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "58281E62-E350-4B0D-9322-8BA1E1773CB2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "BF1A152E-5795-4319-BD4D-855DE19C744C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "438FCE7F-035A-4D89-96FE-EE5278C85493", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "80900F2C-7CFA-4C40-A6B5-51E12C3DA187", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "DDE9A060-1D4D-46E5-A34F-CC4CFA260D94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "33F900E6-AE47-4789-A337-70C6BEF22895", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "AD2E5054-2151-414D-A88F-6697FF280D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "3EB09361-372E-4F51-B255-C7D2DB41969F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "A36D6991-3728-4F60-A443-37652DFAA053", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "4142CC4E-9F0D-4017-8D17-D59FBCEB36F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "63C0F7CA-5F3C-41D4-AAD6-084643115D85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1D16C66D-15BF-4EB8-8D78-DF12A69BD7F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "81C388DC-0941-4D08-8C1C-BD43D9B0DC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "45CD14D8-665A-46C5-8387-33FF266822A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "D510329D-B39E-4E2B-AAEC-1FDA7869C9E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "4640FE06-4D22-442E-A0E0-76EEFAF6ECB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17:*:*:*:*:*:*", matchCriteriaId: "6A846C69-CA94-4F5E-9E02-69EA6680549E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "F3E63ECF-25CB-4E7F-BF51-B4D7B3541AE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "FF14DD4F-6779-4B17-AB1B-D4DE58E7E231", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "7AAEE176-631A-41B9-BC40-93F866DA9D5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "75C963D5-F2D1-49EE-93B5-CA7FE7EAB98C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: 
"9388D932-9818-4A68-9543-B0643166DB2A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "770A9287-C910-4690-9402-0C0B7BAC8912", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "3F8AC068-D5AC-4042-8A7C-5B95EA0E85F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "B503F1F7-F439-420D-B465-9A51CCECAB06", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "27948B08-C452-41FB-B41F-6ADB3AAE087E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB8FB4C-5BBC-420D-84F0-C8424DC25CD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CAF1F14C-DB2C-40A8-B899-C127C7ECC0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E87FA9CC-D201-430F-8FE6-8C9A88CEAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4D7F2743-71BB-4011-B919-7E8032B6B72F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:kvm:*:*:*", matchCriteriaId: "3738FAC6-B90B-4014-9E86-17ED6D19D23D", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:openflow:*:*:*", matchCriteriaId: "35B6634E-4F09-423C-87E7-59D4127CC023", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:vmware:*:*:*", matchCriteriaId: "0A7A7100-A1DA-4191-A4C1-D930829A3DC2", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:*:*:*:*:*:*:*", 
matchCriteriaId: "83739ED7-37F1-4712-8C81-E56F58790240", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:workload_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "1CDD227E-1F98-4F73-BB65-3820F39127F0", versionEndIncluding: "3.1.0.7", versionStartIncluding: "3.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "250AF7A4-8DDF-427C-8BF7-788667908D77", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "22433CE0-9772-48CE-8069-612FF3732C21", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2569AA28-5C61-4BBD-A501-E1ACFA36837B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3AB188A2-D7CE-4141-A55A-C074C84E366E", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"FE4E5283-0FEE-4F37-9C41-FA695063FF79", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "73EB6121-62CD-49FC-A1D2-5467B007253C", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97E19969-DD73-42F2-9E91-504E1663B268", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F9CC2E05-5179-4241-A710-E582510EEB0D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB18F38-AC6A-406A-A4DD-40688B803744", versionEndExcluding: "1.4.3.5", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE781C8-40F7-4F6D-8FED-8EB3071FE9DB", versionEndExcluding: "1.5.0.4", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5AB3395-B458-49F8-A8E3-25FF0C1C3BD3", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC57FAE-AD4D-4C9F-97A4-581C977B5FE4", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: 
"AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47A17EE0-7D3E-4CD7-984C-BB17BF6F4BFD", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33A46CF2-392A-4BB9-B4BF-DE8C5228CAAE", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C4EF774-BD92-444D-9583-25DB97CDA4F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8753BBDB-A858-4A51-A8FD-8DF8DF2734A0", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB9850A-3308-4277-A68C-AD418612101E", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C84D7A48-6745-49D3-AE52-31DD7EEC0D61", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A1A3A3E-5636-4422-9B7B-B3D97989E674", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7384B993-049F-48D7-86D6-FE221C783245", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1DF6129-9CEA-4812-800F-A6FD5095D60E", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79788A89-4152-4B4B-BFF0-518D90EE4D2B", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "680738C5-63D5-4F60-9610-FD0D87FCBBCA", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "872E2102-6BE6-42B6-93B0-942B7DABCBDA", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flex_system_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "DACA26CF-7C3F-4215-B032-ED9C5EFD57D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6E31991-DF33-4F00-8430-7B626E8174CE", versionEndExcluding: "7.1.0.11", 
versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2E25BB0-6F5A-4A7B-9147-D4E17014C747", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B80C1675-4948-45DC-B593-EDB1354E42F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE69F8D-5EEE-4BC7-939C-CE71BCD2E11D", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDEC166F-A967-4616-B9EF-503054EFD197", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "713E71BC-16F5-41E3-9816-74D5E8D8C9A9", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6500:-:*:*:*:*:*:*:*", matchCriteriaId: "4D2487E0-046C-476F-BFF4-EF77D9E856D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0287F3CD-2151-491D-8BC3-6D3921BE8FFA", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C4179899-87B4-42C3-8245-9A34EC04F6A1", 
versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8CED766-9742-4037-8005-F0BDDE9176DD", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6800:-:*:*:*:*:*:*:*", matchCriteriaId: "C41EEAEC-08AE-4478-8977-5A4D7B48C175", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "298C961D-5E5F-4277-B192-A4C29243BECC", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5A76C40-BA90-4FBD-8DFF-4AF8F952963A", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0663FBC-01C0-4AD8-A0B8-6097E537D352", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn7800:-:*:*:*:*:*:*:*", matchCriteriaId: "CE145DE3-3C9B-4949-B6D4-9B259372CCE0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", matchCriteriaId: "0ABC25E5-76CD-469B-879A-B1F7109D0181", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*", matchCriteriaId: "98942F6C-330F-459A-B2B4-72572DB4070E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", matchCriteriaId: "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*", matchCriteriaId: "8C0BAB94-6521-4B57-9E56-A57BA5E20C24", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3A7788E5-93B9-4149-8823-2ACBA5CF17E0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:2.0:sp3:*:*:*:linux_kernel:*:*", matchCriteriaId: "B41B4ECD-6F30-46F5-A559-1CEFC7964873", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:11.0:sp2:*:*:*:linux_kernel:*:*", matchCriteriaId: "D42ADCD9-1455-401C-B94F-D367A78A2B97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:checkpoint:security_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2853A787-E5F1-4455-9482-7C538B80556C", versionEndExcluding: "r77.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "79618AB4-7A8E-4488-8608-57EC2F8681FE", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E910D60-1145-4229-9890-80D2D67C3845", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: 
"CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48BBEF73-E87D-467F-85EB-47BE212DF0E8", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "EE23220D-E364-41B7-A440-43B3AA4A716A", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C483253F-841E-4D4E-9B4A-932E9D07268B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "667D3780-3949-41AC-83DE-5BCB8B36C382", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4F0E7766-BDB4-42AB-B6CC-6B4E86A10038", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A8347412-DC42-4B86-BF6E-A44A5E1541ED", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { 
criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C8942D9D-8E3A-4876-8E93-ED8D201FF546", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5AF8C8-578E-4FD7-8BAA-53A57EE4C653", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "06BA93C0-A7AE-4A8E-BD74-08149A204463", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3E0D8F52-0EAD-4E02-A8D8-CBAE2CDC703B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D61BF2-69D8-4AD2-85CD-D87F640A6888", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A06D61-E6CB-4A8A-B06D-9FEA1812C167", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2C0B4C01-C71E-4E35-B63A-68395984E033", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "9828CBA5-BB72-46E2-987D-633A5B3E2AFF", versionEndIncluding: "11.4.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7C75978B-566B-4353-8716-099CB8790EE0", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "BC24B891-6DBA-4C02-B4CF-8D1CA53B4B74", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "0BB0FDAC-C49D-4E63-ACA9-7BAD7C93A5D2", versionEndIncluding: "4.4.0", 
versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "3AEB1FC5-1179-4DE9-99A2-D650167A7A60", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADD1B04-9F78-40B3-8314-6935277073B0", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "482E630B-93A1-4B9B-8273-821C116ADC4F", versionEndIncluding: "3.1.1", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1343FBDC-4BF0-403B-B257-96672F092263", versionEndIncluding: "4.0.5", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7C138527-73D3-4AEE-BFAB-1D240A585A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8F2EB3D6-EF4C-4241-A31E-3990664004A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8F0CD8F8-26CE-43F0-87EB-A08F1D1EDB25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D1168D2-93D5-4415-A666-B4BE0B2AC201", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503", versionEndIncluding: "6.4.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673", vulnerable: false, }, ], negate: false, 
operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF1DB4B7-AFCC-4D56-95BA-C66AB7A36680", versionEndExcluding: "9.3.67.5r1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665EF643-3CDC-4518-9693-0D49F0870283", versionEndExcluding: "10.1.129.11r1", versionStartIncluding: "10", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BAE3CC45-49E5-40DE-B5C3-52A754A9C599", versionEndExcluding: "10.5.52.11r1", versionStartIncluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*", matchCriteriaId: "8968E39A-1E16-4B7F-A16A-190EBC20D04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "864B5480-704F-4636-A938-7D95AD4223AD", versionEndExcluding: "10.10.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35D34345-0AD1-499C-9A74-982B2D3F305A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1:*:*:*:*:*:*", matchCriteriaId: "3DF3F07E-6F4E-4B97-B313-7DA3E8A88451", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2:*:*:*:*:*:*", matchCriteriaId: "5C98B0EA-7A52-4BDF-90C2-38797FC2B75A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "FECF06B5-3915-48F0-A140-41C7A27EE99D", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1:*:*:*:*:*:*", matchCriteriaId: "BBD8B161-0A07-492F-89E4-7A0BD02F6464", 
vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2:*:*:*:*:*:*", matchCriteriaId: "F3E8E0E1-FF63-425D-8C22-86B16CFB7B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-:*:*:*:*:*:*", matchCriteriaId: "29DF8DD7-B5CC-4152-A726-1D48459068D0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1:*:*:*:*:*:*", matchCriteriaId: "DB2E2AAD-E221-4227-A41B-DC01BFDFCD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BC337BB7-9A45-4406-A783-851F279130EE", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", matchCriteriaId: "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, { lang: "es", value: "GNU Bash hasta la versión 4.3 procesa cadenas finales después de las definiciones de funciones en los valores de variables de entorno, lo que permite a atacantes remotos ejecutar código arbitrario a través de un entorno manipulado, tal como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, 
y otras situaciones en las cuales el ajuste de entorno ocurre a través de un límite de privilegios respecto a la ejecución de Bash, también conocido como \"ShellShock.\" NOTA: la reparación original para este problema era incorrecta; CVE-2014-7169 ha sido asignada para cubrir la vulnerabilidad que todavía está presente después de la solución incorrecta.", }, ], id: "CVE-2014-6271", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-09-24T18:48:04.477", references: [ { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: 
"http://advisories.mageia.org/MGASA-2014-0388.html", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { source: "security@debian.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "security@debian.org", tags: 
[ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { 
source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { source: 
"security@debian.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/58200", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59272", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59737", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59907", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60024", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60034", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60044", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60055", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60063", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60193", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60325", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60433", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60947", }, { source: "security@debian.org", tags: [ "Broken 
Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61065", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61128", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61129", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61188", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61283", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61287", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61291", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61312", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61313", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61328", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61442", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61471", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61485", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61503", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61542", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: 
"http://secunia.com/advisories/61547", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61550", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61552", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61565", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61603", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61633", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61641", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61643", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61654", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61676", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61700", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61703", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61711", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61715", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61780", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61816", }, { 
source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61855", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61857", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61873", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62228", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62312", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62343", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: 
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: 
"http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "security@debian.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/70103", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { source: "security@debian.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "security@debian.org", tags: [ "Broken 
Link", "Third Party Advisory", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "security@debian.org", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "security@debian.org", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "security@debian.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/37816/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/38849/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39918/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40619/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40938/", }, { source: "security@debian.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42938/", }, { source: "security@debian.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, 
{ source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/58200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: 
"http://secunia.com/advisories/59737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/59907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/60947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61129", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", 
], url: "http://secunia.com/advisories/61550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61780", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/61873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://secunia.com/advisories/62343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/70103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: 
"https://www.exploit-db.com/exploits/34879/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/37816/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/38849/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/39918/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40619/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40938/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/42938/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-07 14:29
Modified
2024-11-21 04:02
Severity
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E21EF678-8293-4EB3-BEA1-B35262A1C235", versionEndExcluding: "3.16.72", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "458642C9-EADA-40E1-BBD4-F93D0220E4BD", versionEndExcluding: "3.18.140", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AE7DF4B1-8B78-42F2-A108-584CA5F8DBF5", versionEndExcluding: "4.4.180", versionStartIncluding: "3.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9A08496C-3120-48ED-B9B6-180169E0EA86", versionEndExcluding: "4.9.175", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "64B07173-A2F3-4A68-AD8A-EB01E3580532", versionEndExcluding: "4.14.118", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "BD5E80B1-CDA7-409E-8729-298910620147", versionEndExcluding: "4.19.42", versionStartIncluding: "4.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { 
criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BD2438E2-0693-45E0-998E-0E9010525E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "345A90A9-6F29-4620-AA13-D54F9C6D2617", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", matchCriteriaId: "13270F58-E106-48CE-9933-E68AABBBFC21", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB", versionStartIncluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: 
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, { lang: "es", value: "Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria.", }, ], id: "CVE-2018-20836", lastModified: "2024-11-21T04:02:16.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-07T14:29:00.303", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", 
"Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108196", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K11225249", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4076-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ 
"Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108196", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K11225249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4076-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.debian.org/security/2019/dsa-4497", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-28 19:29
Modified
2024-11-21 04:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
haxx | libcurl | * | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 42.3 | |
fedoraproject | fedora | 29 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
f5 | traffix_signaling_delivery_controller | * | |
netapp | hci_management_node | - | |
netapp | solidfire | - | |
netapp | steelstore_cloud_integrated_storage | - | |
oracle | enterprise_manager_ops_center | 12.3.3 | |
oracle | enterprise_manager_ops_center | 12.4.0 | |
oracle | mysql_server | * | |
oracle | mysql_server | * | |
oracle | oss_support_tools | 20.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", matchCriteriaId: "18D5BEE8-2C04-4882-9C6D-754C0373E924", versionEndIncluding: "7.64.1", versionStartIncluding: "7.19.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "E9963770-142A-4D06-9D50-E137795A96DA", versionEndIncluding: "5.7.27", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "706073CA-6C46-4480-9C4B-4DB9B1B9F4EB", versionEndIncluding: "8.0.17", versionStartIncluding: "5.7.28", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", matchCriteriaId: "8252A7F5-2FB5-4E73-864D-D11F21F5EC56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", }, { lang: "es", value: "Un desbordamiento de búfer en la memoria dinámica (heap) del código de recepción TFTP, permite la ejecución de código arbitrario o una Denegación de Servicio (DoS) en las versiones de libcurl 7.19.4 hasta 7.64.1.", }, ], id: "CVE-2019-5436", lastModified: "2024-11-21T04:44:55.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: 
false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-28T19:29:06.127", references: [ { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/11/6", }, { source: "support@hackerone.com", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, { source: "support@hackerone.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", }, { source: "support@hackerone.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/36", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-29", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190606-0004/", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K55133295", }, { 
source: "support@hackerone.com", url: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4633", }, { source: "support@hackerone.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "support@hackerone.com", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "support@hackerone.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/11/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Feb/36", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-29", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190606-0004/", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K55133295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "support@hackerone.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "support@hackerone.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * | |
f5 | traffix_signaling_delivery_controller | * | |
tcpdump | tcpdump | * | |
apple | mac_os_x | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", }, { lang: "es", value: "El analizador DCCP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-dccp.c:dccp_print_option().", }, ], id: "CVE-2018-16229", lastModified: "2024-11-21T03:52:20.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:12.490", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "17F8005D-23A1-4666-B194-18D895721E7A", versionEndExcluding: "4.4.182", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "966342A3-015F-4BCC-A513-335362A79A26", versionEndExcluding: "4.9.182", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1A632572-BC71-422E-B953-346709BA1658", versionEndExcluding: "4.14.127", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C91C6131-9445-46E6-960B-76E8A34DC7E4", versionEndExcluding: "4.19.52", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5", versionEndExcluding: "5.1.11", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "33AF102E-2851-45B5-8C71-B393F34D4591", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5E4EA2A9-C197-40D4-A6AE-A64D69536F99", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "720A06E3-441B-4D51-8FC0-D569DD7FEB10", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A057B236-8B7C-430D-B107-8FF96D132E73", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2D7877E8-E50F-4DC6-867D-C19A8DB533E3", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "899BE6FE-B23F-4236-8A5E-B41AFF28E533", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "66FC8C37-629D-4FBA-9C79-615BDDCF7837", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "66FCB095-3E70-472A-AB9D-60F001F3A539", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D2833083-97E9-4B3C-8E6B-BCAC1851D148", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B8C7C45A-CC14-4092-903C-3001986D2859", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "42EBAE78-C03E-42C9-AC2D-D654A8DF8516", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "75D817B1-EC06-4180-B272-067299818B09", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0E3A4646-9AAA-445E-A08F-226D41485DC2", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "09C950E6-BF12-43D4-9125-AD9D90EDD67A", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "255D11E3-F502-45CD-8958-5989F179574E", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E72B035F-97C1-41C6-B424-F3929B9D7A99", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E058E775-EAAA-46DF-9F3D-A8D042AAFD88", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B872A0D5-9B23-40F2-8AAB-253A4F406D18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "10A57948-C53A-4CD0-801B-7E801D08E112", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F367EED9-1F71-4720-BE53-3074FF6049C9", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "20BF15AA-1183-489E-A24A-FFB5BFD84664", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "83B684D2-5889-41EA-B54A-8E7AF43DA647", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E4A258E-4F20-4C3C-8269-CD7554539EC6", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "442A56A6-935D-427A-8562-144DD770E317", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA668DC-EFB6-44C3-8521-47BB9F474DD1", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C23EFF81-0FF4-4B4A-BAC3-85EC62230099", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "24AB3C9F-77E5-4D87-A9C1-366B087E7F68", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D17CC587-3325-4D95-BE63-B948C63B411D", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "24904D5C-58FF-49B0-B598-F798BAD110E6", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "639FCD86-C487-40DD-9840-8931FAF5DF3A", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "1117B40B-36E7-4205-82B0-52B4862A6D03", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "12F0D363-0DE8-4E32-9187-D7ACA0868BD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DB112ABE-C07E-480F-8042-6321E602183D", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9A751827-1169-408E-BCE6-A129BDDB489D", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "428C4BEA-AFDA-45EC-9D5F-DDF409461C33", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "717C0443-3E88-4814-8D4A-F0C067176228", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C3879431-2E02-4B6C-BB4F-C2FF631A0974", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "7865E258-CDA0-43A5-9945-81E07BF11A82", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "CAECED76-81A2-4A0C-8C2E-24C235BB32DE", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "BDC38EF1-6210-40A1-88FC-964C470E41BA", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "713EB3E7-A657-4F6A-901D-618AF660CBBC", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EACA0835-51AD-4AC0-8C87-5564F3A821CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "B572C267-AF06-4270-8FDC-18EBDDED7879", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "88B12CA1-E853-4898-8A06-F991BE19A27A", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4C98DCCF-2D89-4C05-A0AE-60CF8228B860", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "B439DE9D-6A09-4487-82A4-E75A57717CAB", versionEndIncluding: 
"14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "19428E8B-18C2-413A-A3C0-AC6AB9F952F2", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6166E0DB-2BA5-454D-ABBC-9E4916436A44", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "F42F4AF6-4BCC-497E-A889-0BBCA965CB32", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: 
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", matchCriteriaId: "AF483911-003B-470B-A12B-85EF34A50469", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "79191794-6151-46E9-AAFD-3EC0C05B03B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", matchCriteriaId: "893A7EE9-495D-405A-B809-39DC80778B2A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C60FA8B1-1802-4522-A088-22171DCF7A93", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*", matchCriteriaId: 
"97D046F5-FF1A-41A7-8EDE-2C93E335906E", vulnerable: true, }, { criteria: "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*", matchCriteriaId: "C1C8792C-1CF0-450B-A8BD-2B5274156053", vulnerable: true, }, { criteria: "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", }, { lang: "es", value: "Jonathan Looney descubrió que la implementación de la cola de retransmisión de TCP en tcp_fragment en el kernel de Linux podría estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. 
Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e.", }, ], id: "CVE-2019-11478", lastModified: "2024-11-21T04:21:09.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@ubuntu.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-19T00:15:12.687", references: [ { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { source: "security@ubuntu.com", url: 
"http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", }, { source: "security@ubuntu.com", url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { source: "security@ubuntu.com", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "security@ubuntu.com", url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { source: "security@ubuntu.com", url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "security@ubuntu.com", url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "security@ubuntu.com", url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: "security@ubuntu.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: 
"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "security@ubuntu.com", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "security@ubuntu.com", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", }, { source: "security@ubuntu.com", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "security@ubuntu.com", url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K26618426", }, { source: "security@ubuntu.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: "security@ubuntu.com", url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "security@ubuntu.com", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@ubuntu.com", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@ubuntu.com", url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "security@ubuntu.com", url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K26618426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "security@ubuntu.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
Summary
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0) | |
tcpdump | tcpdump | * (before 4.9.3) | |
apple | mac_os_x | * (before 10.15.2) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: 
true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", }, { lang: "es", value: "El analizador de argumentos de la línea de comandos en tcpdump versiones anteriores a 4.9.3, presenta un desbordamiento de búfer en tcpdump.c:get_next_file().", }, ], id: "CVE-2018-14879", lastModified: "2024-11-21T03:49:59.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.1, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:12.133", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", 
"Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-07 17:29
Modified
2024-11-21 03:59
Severity ?
Summary
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3FFA12-CA9C-4DD1-8FDB-BFFA4268129C", versionEndIncluding: "0.11.0", versionStartIncluding: "0.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE", versionEndExcluding: "11.2.0.3.23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "BFD43191-E67F-4D1B-967B-3C7B20331945", versionEndExcluding: "12.2.0.1.19", versionStartIncluding: "12.2.0.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", matchCriteriaId: "062C588A-CBBA-470F-8D11-2F961922E927", versionEndExcluding: "13.9.4.2.1", versionStartIncluding: "13.9.4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", matchCriteriaId: "63C59FA7-F321-4475-9F71-D78E0C890866", versionEndExcluding: "19.3.12", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. 
An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", }, { lang: "es", value: "La librería de cliente Java de Apache Thrift, desde la versión 0.5.0 hasta la 0.11.0, puede omitir la validación de la negociación de SASL \"isComplete\" en la clase org.apache.thrift.transport.TSaslTransport. Una aserción utilizada para determinar si el handshake SASL se ha completado de manera exitosa podría deshabilitarse en los ajustes de producción, prohibiendo que la validación se complete.", }, ], id: "CVE-2018-1320", lastModified: "2024-11-21T03:59:37.200", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-07T17:29:00.360", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/24/3", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106551", }, { source: "security@apache.org", 
tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E", }, { source: 
"security@apache.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K36361684", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/24/3", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://support.f5.com/csp/article/K36361684", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Severity ?
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "190D94DD-9CDB-413B-9A15-BFBDB1BB127C", versionEndExcluding: "3.16.69", versionStartIncluding: "2.6.29", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D641CA66-86A4-4172-9D98-206C31578C5E", versionEndExcluding: "4.4.182", versionStartIncluding: "3.17", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "966342A3-015F-4BCC-A513-335362A79A26", versionEndExcluding: "4.9.182", versionStartIncluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1A632572-BC71-422E-B953-346709BA1658", versionEndExcluding: "4.14.127", versionStartIncluding: "4.10", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "C91C6131-9445-46E6-960B-76E8A34DC7E4", versionEndExcluding: "4.19.52", versionStartIncluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5", versionEndExcluding: "5.1.11", versionStartIncluding: "4.20", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "33AF102E-2851-45B5-8C71-B393F34D4591", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5E4EA2A9-C197-40D4-A6AE-A64D69536F99", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "720A06E3-441B-4D51-8FC0-D569DD7FEB10", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A057B236-8B7C-430D-B107-8FF96D132E73", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2D7877E8-E50F-4DC6-867D-C19A8DB533E3", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "899BE6FE-B23F-4236-8A5E-B41AFF28E533", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "66FC8C37-629D-4FBA-9C79-615BDDCF7837", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "66FCB095-3E70-472A-AB9D-60F001F3A539", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D2833083-97E9-4B3C-8E6B-BCAC1851D148", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B8C7C45A-CC14-4092-903C-3001986D2859", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "42EBAE78-C03E-42C9-AC2D-D654A8DF8516", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "75D817B1-EC06-4180-B272-067299818B09", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0E3A4646-9AAA-445E-A08F-226D41485DC2", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "09C950E6-BF12-43D4-9125-AD9D90EDD67A", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "255D11E3-F502-45CD-8958-5989F179574E", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E72B035F-97C1-41C6-B424-F3929B9D7A99", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E058E775-EAAA-46DF-9F3D-A8D042AAFD88", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B872A0D5-9B23-40F2-8AAB-253A4F406D18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "10A57948-C53A-4CD0-801B-7E801D08E112", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F367EED9-1F71-4720-BE53-3074FF6049C9", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "20BF15AA-1183-489E-A24A-FFB5BFD84664", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "83B684D2-5889-41EA-B54A-8E7AF43DA647", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E4A258E-4F20-4C3C-8269-CD7554539EC6", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "442A56A6-935D-427A-8562-144DD770E317", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1DA668DC-EFB6-44C3-8521-47BB9F474DD1", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C23EFF81-0FF4-4B4A-BAC3-85EC62230099", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "24AB3C9F-77E5-4D87-A9C1-366B087E7F68", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D17CC587-3325-4D95-BE63-B948C63B411D", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "24904D5C-58FF-49B0-B598-F798BAD110E6", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "639FCD86-C487-40DD-9840-8931FAF5DF3A", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "1117B40B-36E7-4205-82B0-52B4862A6D03", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "12F0D363-0DE8-4E32-9187-D7ACA0868BD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DB112ABE-C07E-480F-8042-6321E602183D", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9A751827-1169-408E-BCE6-A129BDDB489D", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "428C4BEA-AFDA-45EC-9D5F-DDF409461C33", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "717C0443-3E88-4814-8D4A-F0C067176228", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C3879431-2E02-4B6C-BB4F-C2FF631A0974", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "7865E258-CDA0-43A5-9945-81E07BF11A82", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "CAECED76-81A2-4A0C-8C2E-24C235BB32DE", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "BDC38EF1-6210-40A1-88FC-964C470E41BA", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "713EB3E7-A657-4F6A-901D-618AF660CBBC", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EACA0835-51AD-4AC0-8C87-5564F3A821CD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "B572C267-AF06-4270-8FDC-18EBDDED7879", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "88B12CA1-E853-4898-8A06-F991BE19A27A", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4C98DCCF-2D89-4C05-A0AE-60CF8228B860", 
versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "B439DE9D-6A09-4487-82A4-E75A57717CAB", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "19428E8B-18C2-413A-A3C0-AC6AB9F952F2", versionEndIncluding: "11.6.4", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6166E0DB-2BA5-454D-ABBC-9E4916436A44", versionEndIncluding: "12.1.4", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "F42F4AF6-4BCC-497E-A889-0BBCA965CB32", versionEndIncluding: "13.1.1", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", 
vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", matchCriteriaId: "AF483911-003B-470B-A12B-85EF34A50469", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "79191794-6151-46E9-AAFD-3EC0C05B03B1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", matchCriteriaId: "893A7EE9-495D-405A-B809-39DC80778B2A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", matchCriteriaId: "C60FA8B1-1802-4522-A088-22171DCF7A93", vulnerable: true, 
}, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*", matchCriteriaId: "97D046F5-FF1A-41A7-8EDE-2C93E335906E", vulnerable: true, }, { criteria: "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*", matchCriteriaId: "C1C8792C-1CF0-450B-A8BD-2B5274156053", vulnerable: true, }, { criteria: "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", }, { lang: "es", value: "Jonathan Looney detectó que el valor TCP_SKB_CB(skb)->tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podría usar esto para causar una denegación de servicio. 
Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", }, ], id: "CVE-2019-11477", lastModified: "2024-11-21T04:21:09.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@ubuntu.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-19T00:15:12.640", references: [ { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/20/3", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: 
"security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K78234183", }, { source: "security@ubuntu.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "US 
Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/20/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K78234183", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "security@ubuntu.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * | |
f5 | traffix_signaling_delivery_controller | * | |
tcpdump | tcpdump | * | |
apple | mac_os_x | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", }, { lang: "es", value: "El analizador de VRRP en tcpdump versiones anteriores a 4.9.3 presenta una lectura excesiva del búfer en print-vrrp.c:vrrp_print() para la versión 2 de VRRP, una vulnerabilidad diferente a la CVE-2019-15167.", }, ], id: "CVE-2018-14463", lastModified: "2024-11-21T03:49:07.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:11.570", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party 
Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-10 02:29
Modified
2024-11-21 04:00
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | binutils | 2.31 | |
netapp | vasa_provider | * | |
netapp | cluster_data_ontap | - | |
f5 | traffix_signaling_delivery_controller | * | |
f5 | traffix_signaling_delivery_controller | 4.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:2.31:*:*:*:*:*:*:*", matchCriteriaId: "CE48E8C1-83EE-4E3E-BD7E-0E9F6A2F9623", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:*:*:*", matchCriteriaId: "B65B11A5-728E-4952-824E-051DFC00259B", versionStartIncluding: "7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cluster_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "6D877693-7976-44ED-AE10-EADF8C98ACB2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", }, { lang: "es", value: "La función _bfd_generic_read_minisymbols en syms.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31, tiene una fuga de memoria mediante un archivo ELF manipulado, que conduce a una denegación de servicio (consumo de memoria), tal y como queda demostrado con nm.", }, ], id: "CVE-2018-20002", lastModified: "2024-11-21T04:00:43.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", 
accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-10T02:29:00.390", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106142", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201908-01", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0004/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", }, { source: "cve@mitre.org", url: "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K62602089", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4336-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://security.gentoo.org/glsa/201908-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190221-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K62602089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4336-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-06 16:15
Modified
2024-11-21 05:34
Severity ?
Summary
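On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections is made. Note: the CPE ranges under Impacted products do not line up exactly with these version ranges (for example, 14.1.x is matched only below 14.1.2.1, and 11.x from 11.5.2 through 11.6.5), so confirm the affected and fixed versions against the vendor advisory K50046200 before scoping remediation.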
References
Source | URL | Tags | |
---|---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K50046200 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K50046200 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "85EE39BF-86AA-498B-BF51-EDCD7BD01376", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EA130AF7-C25F-4C0B-ACAF-E7436C722431", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1AE785C8-06CA-4B15-A72D-A7EB0F0895D7", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "58C8E163-2A45-4C64-A7C2-5686C1EB3C78", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "83963214-62C5-49F7-BA25-0D2440C910E8", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FC5CA1E2-341C-42A9-88AC-E6C83DED0B9D", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6917369-D3C2-42EB-B73B-F86CE2F17401", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1845A169-7B6C-4B7D-B8FC-0245DC1B4EEF", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F1212E1D-1A8F-4C6C-9472-22CE48F21B61", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E17D443D-9E5D-4F41-A539-6D7842B21E25", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "650355BC-70D0-49C2-9256-8D256A145038", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16EBA08B-8FBD-47BE-A5BE-F5145788E8CB", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "596A35D8-3644-4C45-99AC-4D201F170B83", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "09F6EC13-4398-48CB-B999-14FABE281247", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "E606B713-528D-4C6D-98C4-E9A93DB7A8E8", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "0FA8C03D-3661-446D-B502-BEB52B7B6305", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "AB4031E1-43D6-4B54-BF77-AAB8B29399C3", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "9228FA0A-8745-4731-A214-5A8AC0AA902A", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"AB5A624E-40A1-4F75-8B9A-FA56510C19EE", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5F3CFB0D-DDA1-4CFF-BAB4-96EF72F4F777", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D4D99030-AEA2-4DDF-AD7D-0ED66913D6FA", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1503B2F8-3549-4E52-87E9-6F0FD91F1428", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5BEBE938-67A7-43E8-8973-E749ACC32F64", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8BC7ABB7-2FA9-42CA-9BEF-241A91F317FF", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2C21D1B2-2424-4A56-A179-431EDC41B929", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "19699BA9-2324-40C5-81B9-0EA6A45109AA", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B8BA9BE0-1646-41EF-BCE2-7BD4021196C5", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AB776539-CD9F-4447-A2DC-9B7EF4DFE341", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E08E3F72-4CEF-4607-8B27-515E6471B9D1", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A9A8A5C3-0C38-4F46-8F98-DC3B9C58D660", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "E69B6320-088E-445D-8863-34CF67F172F3", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "21987539-682A-4F8F-9FE7-526A054705FF", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A7B34FC0-168E-4CA8-B1F4-BDC0D2213280", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "BE667B60-8CA7-478E-AD76-1BDEBAE5A691", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "9BE59364-3DB3-4528-AFC4-D3A39872514D", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "DA776514-AF68-4292-931E-290310EB0939", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E7DEDB9D-58DB-45EB-91EA-8A6694E4F29A", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "34F29398-32A5-48F6-B144-B184BFFB1034", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "678B7FC3-6796-4159-BF2B-8FAD49E0F566", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "F61C9261-F842-47EB-87C8-F284EA9818AA", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "EEA3324A-4661-4CCF-9E40-DD50162542A0", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "96E945EE-A623-4775-83B9-4CF81B7EA70F", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "95EDA820-6FDE-44B9-89CE-B83847416CF4", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "6FEAA997-2F7E-4E93-AEAA-33215A6C09A9", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: 
"A0E47FF6-A851-4588-9F39-B292D4147AE6", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "B7D18CF1-5C74-4681-B356-CB2DD75DBF19", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "F14F10D9-4F2D-4C6D-8B0C-9775ED35DFEF", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "92484170-2E91-45F6-9789-B0DF3F5E6260", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DFF4B95E-40C6-4C8F-81BD-172A907CA5FD", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "67AA4DB9-A5B6-4AF2-B6FC-3C21913264BD", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D960933D-9476-4473-A3FB-0032C051BE50", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0913B326-07B9-4133-8726-D5D34E7DB01B", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "14CEF743-6C3B-4D90-99BF-6A27B37ADAEA", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0A16FE69-A466-4FA6-BDDA-794C9F2B36FD", 
versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BFA7EEBD-F6F6-4243-B57D-BE210D8E16CF", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "E2596EE8-47D2-41E1-BD32-955D80FD697B", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "44D33B41-F19D-4B46-9F9E-FC03051EBB0C", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BD08072C-438D-41BF-976D-B1B006E55C1F", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "542EB351-79B1-4A9D-A5A1-2F3E0E88963C", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "039E73A1-9F90-46A4-BFEE-5E97BAF3FAA6", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "591EA641-C103-4575-97D5-15D41B20E581", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A3F3F4FD-8BB9-468D-B50F-B25B17AF0F3A", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "63529AEA-8B74-4CA1-BADF-14514D243DC5", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: 
true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A4D87CCF-ED81-4B69-9D02-D5B79082E0FF", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "895E610D-52F6-45CA-B205-D110A1DC6BEC", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "43581457-5C55-4B31-BEFA-4B59B2744BB8", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9866C62F-DA11-43B1-B475-A07B1B58933D", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "272A20C4-70D7-43AB-8B62-132466AB1E35", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DE65180C-47C8-41CF-B6C7-181259605B2C", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AA2E2944-484A-47B5-947A-10C3C09E6C33", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4B114C6C-E950-4B75-B341-022799ABBACF", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "5FAB378B-D08A-4B50-BD7D-51F9B461FED5", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "BC99D7B3-65E5-4C9E-9D34-FF9161295F86", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F439E03A-FCE0-4865-986B-E21D52ED4470", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "54E703A5-F9F1-4DDA-8B70-D3C6F51038B6", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "226F4AFF-1A4F-48ED-9B4E-8CD6043AB53C", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "57FD7F09-9829-42B0-913E-A43129AD758B", versionEndExcluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "928A7D30-8099-47B8-A1D2-A4997F54C1C2", versionEndIncluding: "5.4.0", versionStartIncluding: "5.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2B589C35-55F2-4D40-B5A6-8267EE20D627", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D3CE7526-9630-48EF-81FB-44904AF0653F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: 
"4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.", }, { lang: "es", value: "En BIG-IP versiones 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5 y 11.6.0-11.6.5.1, el tmm se bloquea en determinadas circunstancias cuando se usa el perfil connector si una secuencia específica de conexiones es realizada.", }, ], id: "CVE-2020-5854", lastModified: "2024-11-21T05:34:42.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-06T16:15:12.417", references: [ { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K50046200", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K50046200", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", 
matchCriteriaId: "14A4E46D-F0DB-4201-9102-EC89FACBE780", versionEndIncluding: "5.4.0", versionStartIncluding: "5.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2B589C35-55F2-4D40-B5A6-8267EE20D627", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "85EE39BF-86AA-498B-BF51-EDCD7BD01376", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3B5688-0235-4D4F-A26C-440FF24A1B43", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6FCB6C17-33AC-4E5E-8633-7490058CA51F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D6A53E3C-3E09-4100-8D5A-10AD4973C230", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6917369-D3C2-42EB-B73B-F86CE2F17401", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"151ED6D1-AA85-4213-8F3A-8167CBEC4721", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F1C68BC-A3EF-4205-AD00-68CB3A8C65AF", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "925049D0-082E-4CED-9996-A55620A220CF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCAE28C2-0ADD-4FD0-A520-EFB764164DD8", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "596A35D8-3644-4C45-99AC-4D201F170B83", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "4AC8FD5C-AE1A-4484-BB6F-EBB6A48D21F8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "36A213C6-D6E4-4F38-989D-81D3DFC11829", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AB5A624E-40A1-4F75-8B9A-FA56510C19EE", versionEndIncluding: "11.6.5", versionStartIncluding: 
"11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9DC86A5F-C793-4848-901F-04BFB57A07F6", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0772A366-87B9-40EC-9F63-AE0FF0EF5002", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "037C035C-9CFC-4224-8264-6132252D11FD", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "59D9F39B-206B-4E76-A811-1CAA705A60EE", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9BD61B6A-4E98-4D2C-92BC-FED15CEE39A6", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8A53C692-D353-42E3-9148-F850DA11884F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "70099A38-3B84-4C40-8590-BE6C8F7C21A7", versionEndIncluding: "15.0.1", 
versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A9A8A5C3-0C38-4F46-8F98-DC3B9C58D660", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "55C2EC23-E78F-4447-BACF-21FC36ABF155", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A35AC237-573B-4309-87EF-3945FA2449BF", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "46712630-407A-4E61-B62F-3AB156353A1D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "1DE40473-ABAE-4D91-8EBB-FB5719E107F6", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "DA776514-AF68-4292-931E-290310EB0939", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "0D879CE9-E793-41A5-8C20-9BE90BCB012C", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5B85324E-B26B-4B31-B4D0-43438546A411", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "96E945EE-A623-4775-83B9-4CF81B7EA70F", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "945A19E8-51EB-42FE-9BF1-12DAC78B5286", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "0B6C3F50-BD60-4A8C-8DBB-680DA4D6BE6D", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC39F6EE-478A-4638-B97D-3C25FD318F3D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "18B5A918-F9AA-4889-94A7-33E6E54CF383", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "92484170-2E91-45F6-9789-B0DF3F5E6260", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FB07E847-6083-4CC8-8A62-6B9744B87088", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5C556587-6963-49CF-8A2B-00431B386D78", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EF606356-8191-478D-AF60-D48A408CD9ED", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0A16FE69-A466-4FA6-BDDA-794C9F2B36FD", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "B7725810-66D2-4460-A174-9F3BFAD966F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0620AA57-83D1-41E6-8ABB-99F3FABB10F0", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3E37E6-64B9-4668-AC01-933711E1C934", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "039E73A1-9F90-46A4-BFEE-5E97BAF3FAA6", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD760FE-4347-4D36-B5C6-4009398060F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"BF552D91-612A-43E1-B2D6-02E2515FEA22", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C95403E8-A078-47E8-9B2F-F572D24C79EF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8CCD3CF9-EA9D-43FF-8ADA-713B4B5C468E", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "43581457-5C55-4B31-BEFA-4B59B2744BB8", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6704F0A6-16E2-4C2D-B5BD-EDDEAD5C153C", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EC6612AB-E46B-4A8B-9B3E-C711D8C27962", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "5FAB378B-D08A-4B50-BD7D-51F9B461FED5", versionEndIncluding: "11.6.5", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", 
versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "9F8860F9-2599-4463-AD42-7AF1FD64819B", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "BF378F37-554E-498A-8471-48F7544A231F", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D3CE7526-9630-48EF-81FB-44904AF0653F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", }, { lang: "es", value: "El analizador OSPFv3 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en la función print-ospf6.c:ospf6_print_lshdr().", }, ], id: "CVE-2018-14880", lastModified: "2024-11-21T03:49:59.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", 
vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:12.210", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K56551263?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K56551263?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], 
source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:56
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
▼ | URL | Tags | |
---|---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K24248011 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K24248011 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
f5 | traffix_signaling_delivery_controller | 5.1.0 | |
f5 | traffix_signaling_delivery_controller | 5.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, { lang: "es", value: "En F5 Traffix SDC versiones 5.2.x anteriores a 5.2.2 y en las versiones 5.1.x anteriores a 5.1.35, Se presenta una vulnerabilidad de Inyección de Plantillas de tipo Cross-Site almacenado en una página no revelada de la utilidad de configuración de Traffix SDC que permite a un atacante ejecutar instrucciones específicas del idioma de la plantilla en el contexto del servidor. 
Nota: Las versiones de software que han alcanzado el Fin del Soporte Técnico (EoTS) no son evaluadas", }, ], id: "CVE-2022-27662", lastModified: "2024-11-21T06:56:07.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "f5sirt@f5.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T17:15:13.467", references: [ { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K24248011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K24248011", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-1336", }, ], source: "f5sirt@f5.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-05 17:15
Modified
2024-11-21 06:56
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
▼ | URL | Tags | |
---|---|---|---|
f5sirt@f5.com | https://support.f5.com/csp/article/K17341495 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K17341495 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
f5 | traffix_signaling_delivery_controller | 5.1.0 | |
f5 | traffix_signaling_delivery_controller | 5.2.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, { lang: "es", value: "En F5 Traffix SDC versiones 5.2.x anteriores a 5.2.2 y en versiones 5.1.x anteriores a 5.1.35, Se presenta una vulnerabilidad de tipo cross-Site Scripting (XSS) almacenado en una página no revelada de la utilidad de configuración de Traffix SDC que permite a un atacante ejecutar JavaScript en el contexto del usuario actualmente conectado. 
Nota: Las versiones de software que han alcanzado el Fin del Soporte Técnico (EoTS) no son evaluadas", }, ], id: "CVE-2022-27880", lastModified: "2024-11-21T06:56:24.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "f5sirt@f5.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-05T17:15:13.847", references: [ { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K17341495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K17341495", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", 
value: "CWE-79", }, ], source: "f5sirt@f5.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-11 19:15
Modified
2025-04-15 14:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:balasys:dheater:-:*:*:*:*:*:*:*", matchCriteriaId: "DE3F88FC-F039-433B-9035-88F1691DA082", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*", matchCriteriaId: "FBC30055-239F-4BB1-B2D1-E5E35F0D8911", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", matchCriteriaId: "F13F07CC-739B-465C-9184-0E9D708BD4C7", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:*:*:*", matchCriteriaId: "70A029CD-2AC4-4877-B1A4-5C72B351BA27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "CE73DAA2-9CCA-4BD6-B11A-9326F79D9ABB", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "475E283C-8F3C-4051-B9E8-349845F8C528", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", matchCriteriaId: "956AC9F3-2042-4C21-A5E4-D2D4334D2FC3", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "E17DBD3E-F5AC-4A35-81E0-C4804CAD78F9", versionEndIncluding: 
"17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "346B71B1-D583-4463-ADF8-BEE700B0CA3A", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B2AA25BA-72C5-48A9-BDBC-CA108208011F", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", matchCriteriaId: "308B0070-6716-4754-A5E4-C3D70CAB376B", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*", matchCriteriaId: "8F26AB06-7FEB-4A56-B722-DBDEEE628DB8", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", matchCriteriaId: "EE48C9C9-6B84-4A4A-963D-6DFE0C2FB312", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "878CD8E6-6B9B-431D-BD15-F954C7B8076F", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4D9DB9B9-2959-448E-9B59-C873584A0E11", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "6AF04191-019B-4BC9-A9A7-7B7AA9B5B7D1", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F62D754D-A4A1-4093-AB42-9F51C19976CA", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", 
vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "90084CD6-FA4B-4305-BC65-58237BAF714E", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BC9D4626-915F-42E5-81E0-6F8271084773", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7056F1FA-24AC-4D9F-8DDC-B3CA4740BF5E", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_service_proxy:1.6.0:*:*:*:*:kubernetes:*:*", matchCriteriaId: "BC5AC8C7-92BA-48D4-81A1-F5323DA952A9", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", matchCriteriaId: "E48AC50D-19B3-4E97-ADD2-B661BD891ED7", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "B13C4244-BE15-4F2C-BBBA-35072571B041", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "C1B4FBF6-C23A-4BD2-ADFB-9617C03B603A", versionEndIncluding: "17.1.0", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "360D8842-2C55-450F-9AFA-09CA34B12598", versionEndIncluding: "8.2.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "DA0B396A-B5CE-4337-A33A-EF58C4589CB3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DA4D5EC6-8099-4D0A-AD6F-BA3B37C2EBD8", vulnerable: true, }, { criteria: "cpe:2.3:o:f5:f5os-a:1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E07466E4-FEA5-45F4-9BF2-0BACDF6638F3", vulnerable: true, }, { criteria: "cpe:2.3:o:f5:f5os-a:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "418EF0E3-C3EB-48EE-83F0-688FCE0D8898", vulnerable: true, }, { criteria: "cpe:2.3:o:f5:f5os-c:*:*:*:*:*:*:*:*", matchCriteriaId: "C089BDAE-1C06-4F2C-A6E2-9907412372A3", versionEndIncluding: "1.3.2", versionStartIncluding: "1.3.0", vulnerable: true, }, { criteria: "cpe:2.3:o:f5:f5os-c:1.5.0:*:*:*:*:*:*:*", matchCriteriaId: "186BC26D-7E1E-4417-941E-5056CC545142", vulnerable: true, }, { criteria: "cpe:2.3:o:f5:f5os-c:1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "1EA06F21-0666-4199-853B-7B77C229E355", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", matchCriteriaId: "3B3AD582-9909-4FF5-B541-571F18E22356", versionEndExcluding: "10.06.0180", versionStartIncluding: "10.06.0000", vulnerable: true, }, { criteria: "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", matchCriteriaId: "21F81EB2-3916-4DC6-9600-B7FD17906B53", versionEndExcluding: "10.07.0030", versionStartIncluding: "10.07.0000", vulnerable: true, }, { criteria: "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", matchCriteriaId: "71284AA8-9E0E-4B2F-8464-B49E1D6965B5", versionEndExcluding: "10.08.0010", versionStartIncluding: "10.08.0000", vulnerable: true, }, { criteria: "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", matchCriteriaId: "F059E5A9-E613-4BE1-BF61-C477B3441175", versionEndExcluding: "10.09.0002", versionStartIncluding: "10.09.0000", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:hpe:aruba_cx_4100i:-:*:*:*:*:*:*:*", matchCriteriaId: "B7C2B56C-203F-4290-BCE7-8BD751DF9CEF", vulnerable: false, }, { criteria: 
"cpe:2.3:h:hpe:aruba_cx_6100:-:*:*:*:*:*:*:*", matchCriteriaId: "FF1DD310-3D31-4204-92E0-70C33EE44F08", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6200f:-:*:*:*:*:*:*:*", matchCriteriaId: "FCD1A83B-109B-4596-AE37-706751E2B57D", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6200m:-:*:*:*:*:*:*:*", matchCriteriaId: "1218AAA5-01ED-4D89-A7AE-A600356ABD46", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6300f:-:*:*:*:*:*:*:*", matchCriteriaId: "4D6F748F-89E9-45FB-8BE7-2201E5EB2755", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6300m:-:*:*:*:*:*:*:*", matchCriteriaId: "8066A871-2683-4F74-9750-E73BF004209F", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6405:-:*:*:*:*:*:*:*", matchCriteriaId: "D118A9A6-BBA4-4149-AE0D-1DA2EB45B53F", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_6410:-:*:*:*:*:*:*:*", matchCriteriaId: "790C5E7A-3405-4873-83E8-4D9C0FEC5E6D", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8320:-:*:*:*:*:*:*:*", matchCriteriaId: "10B5F18A-28B0-49B4-8374-C681C2B48D2A", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8325-32c:-:*:*:*:*:*:*:*", matchCriteriaId: "59B7E2D3-0B72-4A78-AEFA-F106FAD38156", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8325-48y8c:-:*:*:*:*:*:*:*", matchCriteriaId: "7E87A92B-4EE5-4235-A0DA-195F27841DBB", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8360-12c:-:*:*:*:*:*:*:*", matchCriteriaId: "6BC24E52-13C0-402F-9ABF-A1DE51719AEF", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8360-16y2c:-:*:*:*:*:*:*:*", matchCriteriaId: "76EF979E-061A-42A3-B161-B835E92ED180", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8360-24xf2c:-:*:*:*:*:*:*:*", matchCriteriaId: "DE04919C-9289-4FB3-938F-F8BB15EC6A74", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8360-32y4c:-:*:*:*:*:*:*:*", matchCriteriaId: "B630C64B-C474-477D-A80B-A0FB73ACCC49", vulnerable: false, }, { criteria: 
"cpe:2.3:h:hpe:aruba_cx_8360-48xt4c:-:*:*:*:*:*:*:*", matchCriteriaId: "53ABE8B8-A4F6-400B-A893-314BE24D06B8", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8360-48y6c:-:*:*:*:*:*:*:*", matchCriteriaId: "C44383CC-3751-455E-B1AB-39B16F40DC76", vulnerable: false, }, { criteria: "cpe:2.3:h:hpe:aruba_cx_8400:-:*:*:*:*:*:*:*", matchCriteriaId: "B25A9CD2-5E5F-4BDB-8707-5D6941411A2B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", matchCriteriaId: "62A933C5-C56E-485C-AD49-3B6A2C329131", versionEndExcluding: "3.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "F7387F52-013D-432D-87D8-5D3ABD472C9E", versionEndExcluding: "4.3.16", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", matchCriteriaId: "C8A23A5D-928A-4225-9C93-31E5DFE215A7", versionEndExcluding: "4.6.3", versionStartIncluding: "4.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. 
The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.", }, { lang: "es", value: "El Protocolo de Acuerdo de Claves Diffie-Hellman permite a atacantes remotos (del lado del cliente) enviar números arbitrarios que en realidad no son claves públicas, y desencadenar costosos cálculos de exponenciación modular DHE del lado del servidor, también se conoce como un ataque D(HE)ater. El cliente necesita muy pocos recursos de CPU y ancho de banda de red. El ataque puede ser más perturbador en los casos en los que un cliente puede exigir al servidor que seleccione su mayor tamaño de clave soportado. El escenario básico del ataque es que el cliente debe afirmar que sólo puede comunicarse con DHE, y el servidor debe estar configurado para permitir DHE", }, ], id: "CVE-2002-20001", lastModified: "2025-04-15T14:08:06.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-11T19:15:07.380", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", 
], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://dheatattack.com", }, { source: "cve@mitre.org", url: "https://dheatattack.gitlab.io/", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://github.com/Balasys/dheater", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://github.com/mozilla/ssl-config-generator/issues/162", }, { source: "cve@mitre.org", url: "https://gitlab.com/dheatattack/dheater", }, { source: "cve@mitre.org", url: "https://ieeexplore.ieee.org/document/10374117", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K83120834", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", ], url: "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/kb/doc/?id=000020510", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://dheatattack.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://dheatattack.gitlab.io/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: 
"https://github.com/Balasys/dheater", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/mozilla/ssl-config-generator/issues/162", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://gitlab.com/dheatattack/dheater", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ieeexplore.ieee.org/document/10374117", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K83120834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", ], url: "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/kb/doc/?id=000020510", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * (before 4.9.3) | |
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0) | |
tcpdump | tcpdump | * (before 4.9.3) | |
apple | mac_os_x | * (before 10.15.2) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", }, { lang: "es", value: "El analizador RSVP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-rsvp.c:rsvp_obj_print().", }, ], id: "CVE-2018-14465", lastModified: "2024-11-21T03:49:08.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:11.710", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
Summary
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * (before 4.9.3) | |
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0) | |
tcpdump | tcpdump | * (before 4.9.3) | |
apple | mac_os_x | * (before 10.15.2) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", }, { lang: "es", value: "El analizador IKEv1 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-isakmp.c:ikev1_n_print().", }, ], id: "CVE-2018-14469", lastModified: "2024-11-21T03:49:08.903", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:11.990", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:50
Severity ?
Summary
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * (before 4.9.3) | |
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0) | |
tcpdump | tcpdump | * (before 4.9.3) | |
apple | mac_os_x | * (before 10.15.2) | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", }, { lang: "es", value: "El analizador ICMPv6 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en el archivo print-icmp6.c.", }, ], id: "CVE-2018-14882", lastModified: "2024-11-21T03:50:00.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:12.337", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-07-26 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
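The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
Note: this class of leak arises when a miscomputed RSA-CRT signature is released to a peer; verifying each signature before sending it prevents the disclosure.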
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | Broken Link | |
cve@mitre.org | https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | Technical Description, Third Party Advisory | |
cve@mitre.org | https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | Technical Description, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
marvell | software_development_kit | 2.0 | |
marvell | octeon_ii_cn6000 | - | |
marvell | octeon_ii_cn6010 | - | |
marvell | octeon_ii_cn6020 | - | |
f5 | traffix_signaling_delivery_controller | * (3.3.2 through 3.5.1) | |
f5 | traffix_signaling_delivery_controller | * (4.0.0 through 4.4.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:marvell:software_development_kit:2.0:*:*:*:*:*:*:*", matchCriteriaId: "E332EC67-B3F5-437D-BC1F-D563B89181B8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:marvell:octeon_ii_cn6000:-:*:*:*:*:*:*:*", matchCriteriaId: "E31C6DFB-101A-493A-8515-4DAAB9F3A821", vulnerable: false, }, { criteria: "cpe:2.3:h:marvell:octeon_ii_cn6010:-:*:*:*:*:*:*:*", matchCriteriaId: "521C4A1A-96A2-4888-A345-8A153B793178", vulnerable: false, }, { criteria: "cpe:2.3:h:marvell:octeon_ii_cn6020:-:*:*:*:*:*:*:*", matchCriteriaId: "94651B37-ABBE-4400-8880-033A4EDAB41F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "90B753A2-3CC6-46A2-82C4-F2B7A029E18C", versionEndIncluding: "3.5.1", versionStartIncluding: "3.3.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "E0AAD5D5-E970-4875-8FDF-E940D9F00636", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.", }, { lang: "es", value: "La implementación de RSA-CRT en Cavium Software Development Kit (SDK) 2.x cuando es utilizada en Hardware OCTEON II CN6xxx en Linux para soporte TLS con Perfect Forward Secrecy (PFS), facilita a atacantes remotos obtener claves RSA privadas llevando a cabo un ataque de canal lateral Lenstra.", }, ], id: "CVE-2015-5738", lastModified: "2025-04-12T10:46:40.837", metrics: { 
cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-07-26T17:59:00.137", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", }, { source: "cve@mitre.org", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Technical Description", "Third Party Advisory", ], url: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", }, ], sourceIdentifier: "cve@mitre.org", 
vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-09-25 01:55
Modified
2025-04-12 10:46
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
References
Impacted products
{ cisaActionDue: "2022-07-28", cisaExploitAdd: "2022-01-28", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*", matchCriteriaId: "F4DBE402-1B0A-4854-ABE5-891321454C25", versionEndIncluding: "4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "DCA5A28D-79B6-4F3E-9C98-65D4DFAD8EE7", versionEndExcluding: "4.9.12", versionStartIncluding: "4.9.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9B1DC7EF-C994-4252-9DFE-DCA63FB17AE0", versionEndExcluding: "4.10.9", versionStartIncluding: "4.10.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "9056776F-03F6-4C3D-8635-37D66FD16EAA", versionEndExcluding: "4.11.11", versionStartIncluding: "4.11.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "AFEE6963-F73F-4B71-B4F8-6E550FBDA5F6", versionEndExcluding: "4.12.9", versionStartIncluding: "4.12.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "8296875A-64FA-4592-848A-A923126BD8AF", versionEndExcluding: "4.13.9", versionStartIncluding: "4.13.0", vulnerable: true, }, { criteria: "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*", matchCriteriaId: "816A16AF-1F5E-483A-AA89-3022818FAE43", versionEndExcluding: "4.14.4f", versionStartIncluding: "4.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:4:*:*:*:*:*:*:*", matchCriteriaId: "F8421899-5D10-4C2B-88AA-3DA909FE3E67", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", matchCriteriaId: "62A2AC02-A933-4E51-810E-5D040B476B7B", vulnerable: true, }, { criteria: 
"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", matchCriteriaId: "BE8B7F1F-22F6-4B10-A6E5-DE44B1D2E649", versionEndExcluding: "4.1.1", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:-:*:*:*:*:*:*", matchCriteriaId: "F407EA72-BA1A-41A2-B699-874304A638A5", vulnerable: true, }, { criteria: "cpe:2.3:o:qnap:qts:4.1.1:build_0927:*:*:*:*:*:*", matchCriteriaId: "DDA25903-B334-438B-8196-B9E5119199D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*", matchCriteriaId: "76F1E356-E019-47E8-AA5F-702DA93CF74E", vulnerable: true, }, { criteria: "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", matchCriteriaId: "F805A106-9A6F-48E7-8582-D3C5A26DFC11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC489F35-07F1-4C3E-80B9-78F0689BC54B", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:3.4:*:*:*:*:*:*:*", matchCriteriaId: "95CE35FC-266F-4025-A0B8-FB853C020800", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6172AF57-B26D-45F8-BE3A-F75ABDF28F49", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", 
matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*", matchCriteriaId: "6252E88C-27FF-420D-A64A-C34124CF7E6A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "8A8E07B7-3739-4BEB-88F8-C7F62431E889", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "569964DA-31BE-4520-A66D-C3B09D557AB8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "807C024A-F8E8-4B48-A349-4C68CD252CA1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "F96E3779-F56A-45FF-BB3D-4980527D721E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", matchCriteriaId: "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "83737173-E12E-4641-BC49-0BD84A6B29D0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:*:*:*:*:*:*:*", matchCriteriaId: "EC5537E1-1E8E-49C5-B4CB-A8E2EE3F5088", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "804DFF9F-BAA8-4239-835B-6182471A224F", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "9EE496C0-35F7-44DC-B3F0-71EA3A613C38", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:*:*:*:*:*:*:*", matchCriteriaId: "71179893-49F2-433C-A7AC-687075F9CC1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:*:*:*:*:*:*:*", matchCriteriaId: "1D4C43D8-02A5-4385-A89E-F265FEEC9E9B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:*:*:*:*:*:*:*", matchCriteriaId: "37ECC029-3D84-4DD7-B28B-E5AD5559CF94", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:*:*:*:*:*:*:*", matchCriteriaId: "F4CBED2A-B6B0-420E-BC40-160930D8662E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:*:*:*:*:*:*:*", matchCriteriaId: "652F7BB0-A6EA-45D0-86D4-49F4CA6C3EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:*:*:*:*:*:*:*", matchCriteriaId: "29BBF1AC-F31F-4251-8054-0D89A8E6E990", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:*:*:*:*:*:*:*", matchCriteriaId: "C52A4A2F-6385-4E5F-B2C7-0EF7267546F6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "6D8D654F-2442-4EA0-AF89-6AC2CD214772", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "D8ED0658-5F8F-48F0-A605-A2205DA27DA5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8BCF87FD-9358-42A5-9917-25DF0180A5A6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: 
"C385DA76-4863-4D39-84D2-9D185D322365", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "188019BF-3700-4B3F-BFA5-553B2B545B7F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "9B8B2E32-B838-4E51-BAA2-764089D2A684", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "4319B943-7B19-468D-A160-5895F7F997A3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", matchCriteriaId: "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", matchCriteriaId: "634C23AC-AC9C-43F4-BED8-1C720816D5E3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", matchCriteriaId: "37CE1DC7-72C5-483C-8921-0B462C8284D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", matchCriteriaId: "54D669D4-6D7E-449D-80C1-28FA44F06FFE", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*", matchCriteriaId: "BB6ADFB8-210D-4E46-82A2-1C8705928382", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", matchCriteriaId: 
"92C9F1C4-55B0-426D-BB5E-01372C23AF97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "AF83BB87-B203-48F9-9D06-48A5FE399050", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "98381E61-F082-4302-B51F-5648884F998B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D99A687E-EAE6-417E-A88E-D0082BC194CD", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B353CE99-D57C-465B-AAB0-73EF581127D1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "7431ABC1-9252-419E-8CC1-311B41360078", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8821E5FE-319D-40AB-A515-D56C1893E6F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*", matchCriteriaId: "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*", matchCriteriaId: "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", matchCriteriaId: "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", matchCriteriaId: "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", matchCriteriaId: "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", matchCriteriaId: "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", matchCriteriaId: "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", matchCriteriaId: "74BCA435-7594-49E8-9BAE-9E02E129B6C0", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", matchCriteriaId: "3ED68ADD-BBDA-4485-BC76-58F011D72311", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", matchCriteriaId: "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*", matchCriteriaId: "CED02712-1031-4206-AC4D-E68710F46EC9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", matchCriteriaId: "35BBD83D-BDC7-4678-BE94-639F59281139", vulnerable: 
true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:-:*:*", matchCriteriaId: "7F4AF9EC-7C74-40C3-A1BA-82B80C4A7EE0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", matchCriteriaId: "CB6476C7-03F2-4939-AB85-69AA524516D9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "E534C201-BCC5-473C-AAA7-AAB97CEB5437", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "2470C6E8-2024-4CF5-9982-CFF50E88EAE9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", matchCriteriaId: "15FC9014-BD85-4382-9D04-C0703E901D7A", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", matchCriteriaId: "2F7F8866-DEAD-44D1-AB10-21EE611AA026", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", matchCriteriaId: "1831D45A-EE6E-4220-8F8C-248B69520948", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:8.2:*:*:*:*:*:*:*", matchCriteriaId: "94C9C346-6DEC-4C72-9F59-BB3BEC42B551", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2071DABB-7102-47F2-A15F-A6C03607D01F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:infosphere_guardium_database_activity_monitoring:9.1:*:*:*:*:*:*:*", matchCriteriaId: "A8661E86-E075-427F-8E05-7A33811A3A76", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: 
"BEFCC35D-1C83-4CA5-8B1D-9A637613AD7E", versionEndIncluding: "1.0.0.4", versionStartIncluding: "1.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:*:*:*:*:*:*:*:*", matchCriteriaId: "054736AF-96E0-491D-B824-CC4A35B76E14", versionEndIncluding: "1.1.0.4", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "575894EE-F13C-4D56-8B63-59A379F63BD2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0E476AEB-AD38-4033-8426-DC502497D75A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C062C89-5DC2-46EE-A9D3-23E7539A5DAF", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*", matchCriteriaId: "20981443-6A64-4852-B2CB-3299927C6F78", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*", matchCriteriaId: "59761BB8-FCC7-4D15-88A8-82076CCF196F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:-:*:*:*:*:*:*", matchCriteriaId: "CF399B2E-8413-4B80-A0C0-E61E8A0A8604", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p1:*:*:*:*:*:*", matchCriteriaId: "230EBA53-66AF-432B-B4C1-08D8FC903B2B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p2:*:*:*:*:*:*", matchCriteriaId: "789F398A-5CB2-48F8-AF8F-05BF0A8E04B9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1:p3:*:*:*:*:*:*", matchCriteriaId: "EF102659-B067-473E-AA37-EA90A82D1864", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:-:*:*:*:*:*:*", matchCriteriaId: 
"81DF915D-D764-4C21-B213-0ADFD844E9DB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p1:*:*:*:*:*:*", matchCriteriaId: "C29A4119-A992-4713-85D6-4FDED7CD416A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p10:*:*:*:*:*:*", matchCriteriaId: "4CA59C9D-74C2-4AFC-B1D1-1BC305FD493B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p11:*:*:*:*:*:*", matchCriteriaId: "5720A37E-1DB5-45BA-9FDE-0EAEFE1F2257", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p12:*:*:*:*:*:*", matchCriteriaId: "F03006B7-037B-491F-A09F-DEB2FF076754", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p13:*:*:*:*:*:*", matchCriteriaId: "FE78AED4-AD60-406C-82E0-BA52701B49BA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p2:*:*:*:*:*:*", matchCriteriaId: "3D0B71F0-CCED-4E23-989A-3E9E2D71307C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p3:*:*:*:*:*:*", matchCriteriaId: "5CF8FC22-C556-451C-B928-F5AF8DF4BF45", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p4:*:*:*:*:*:*", matchCriteriaId: "081D3B14-45F6-4F96-944B-94D967FEFA26", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5:*:*:*:*:*:*", matchCriteriaId: "DE2C36B5-43F8-401B-B420-1FA5F13A4D6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p6:*:*:*:*:*:*", matchCriteriaId: "D922DC5A-63F6-4188-BCDE-BB987402E47E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p7:*:*:*:*:*:*", matchCriteriaId: "BFD5737C-AAE8-4C8D-BCFE-FFDF5DA4221C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p8:*:*:*:*:*:*", matchCriteriaId: "C2BCC22C-A32B-4945-AFBC-777DBE248FB8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p9:*:*:*:*:*:*", matchCriteriaId: "92F92890-63B0-4918-A147-8852B6E2FA8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2:*:*:*:*:*:*:*", matchCriteriaId: "8016ECD3-4417-47A8-9493-C9F9EDF5FAA5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:-:*:*:*:*:*:*", matchCriteriaId: "ED0B143A-5386-4375-AEB2-48619B2B1EF3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p1:*:*:*:*:*:*", matchCriteriaId: "E7ECA734-9E95-484F-B880-2491A0E2531B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p2:*:*:*:*:*:*", matchCriteriaId: "5D7CD9E9-033C-44B8-A68C-47AC260873E1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:p3:*:*:*:*:*:*", matchCriteriaId: "07B660DC-A94F-48F0-A2F4-1C39CC4751A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:-:*:*:*:*:*:*", matchCriteriaId: "44D355AE-A8C0-4D7B-87FE-5D4138B6BB2E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p1:*:*:*:*:*:*", matchCriteriaId: "329C8551-98D1-4255-B598-9E75A071C186", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p2:*:*:*:*:*:*", matchCriteriaId: "FD0687B7-F374-4368-AD9E-041123B23A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:p3:*:*:*:*:*:*", matchCriteriaId: "D0330E77-454E-4E77-9628-50681B748491", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:-:*:*:*:*:*:*", 
matchCriteriaId: "3863726E-15AD-4A47-85CB-0C9965E76EF1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p1:*:*:*:*:*:*", matchCriteriaId: "5C07D9DC-E6C1-4FB0-86F1-144FD51B08CD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p2:*:*:*:*:*:*", matchCriteriaId: "3105129C-8FE8-4BF0-8CB9-A7F3F7FE1107", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p3:*:*:*:*:*:*", matchCriteriaId: "D1F35447-889F-4CE9-9473-87046B4707EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:p4:*:*:*:*:*:*", matchCriteriaId: "A3A5DFC0-BBD7-430C-A026-E1F34E08894D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:-:*:*:*:*:*:*", matchCriteriaId: "141E8F6A-3998-4F22-A717-3F52BC998F97", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p1:*:*:*:*:*:*", matchCriteriaId: "F09AA197-BB55-4CF0-AC29-4449C07DE510", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p2:*:*:*:*:*:*", matchCriteriaId: "3E468E33-B183-4830-97E2-EAF9FD3758E9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p3:*:*:*:*:*:*", matchCriteriaId: "738C8F2B-3D3E-4E1F-977A-05D3A39F115D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:p4:*:*:*:*:*:*", matchCriteriaId: "1ED03E83-909B-423F-81F2-34AB7F24BBE1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:-:*:*:*:*:*:*", matchCriteriaId: "9778E8AA-A034-4B04-A42E-6A182378C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p1:*:*:*:*:*:*", matchCriteriaId: "AEE15598-4064-4E31-86BA-7851AA4B76C4", vulnerable: true, }, { 
criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p2:*:*:*:*:*:*", matchCriteriaId: "59FE3789-FB47-4939-B9AA-86D203445526", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p3:*:*:*:*:*:*", matchCriteriaId: "2F96389A-82B9-42DE-8E93-D2B2EE610F7A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p4:*:*:*:*:*:*", matchCriteriaId: "3131CDA5-1C4D-489C-8788-FA396F8ADB2C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p5:*:*:*:*:*:*", matchCriteriaId: "DCC7DF3E-658C-41D7-A4AC-433440A02092", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:p6:*:*:*:*:*:*", matchCriteriaId: "EEBB12B8-4EF6-42B9-9D28-A9CA129B0FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:-:*:*:*:*:*:*", matchCriteriaId: "279C30FB-EA1C-4D1D-A37E-F1EEF79F19F4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p1:*:*:*:*:*:*", matchCriteriaId: "D6870C1E-E4A4-4666-89DB-D72C8100D27E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p2:*:*:*:*:*:*", matchCriteriaId: "BE183CA0-FFBB-4746-8BBE-5D1910DD2100", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p3:*:*:*:*:*:*", matchCriteriaId: "D04B5EBF-C94C-4A44-9A7E-75623CAF832C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p4:*:*:*:*:*:*", matchCriteriaId: "5723FDF4-198B-488E-B075-F528EC6E4D18", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p5:*:*:*:*:*:*", matchCriteriaId: "7E23A972-5BCA-4C7E-B6F9-AD54992861A2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:p6:*:*:*:*:*:*", matchCriteriaId: "1D00AFC9-8A9C-4BB1-9E60-BC6D552DC8E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:-:*:*:*:*:*:*", matchCriteriaId: "BFE4D0FF-6445-4E14-9536-ADB32662B346", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "C7FC4FDA-1C8D-4D7A-B5EA-D905FA830805", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "753AA0F3-09F4-4E34-8E72-FAFD8BFE18EC", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "9AC763FD-C143-4CA3-9A24-D50C9ED243D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "299C6CBE-905F-4E59-AF2F-89A1CD767916", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "78538461-1B7E-4712-AA8D-D2EA3477635B", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "E3FF46F1-EF19-49D7-9EDD-44441C1A3F94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "D9F91FB6-7D8F-4D89-B6BA-2C6DF15B9A51", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:-:*:*:*:*:*:*", matchCriteriaId: "5725106C-A650-4C24-9636-1200BD44CCA4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p1:*:*:*:*:*:*", matchCriteriaId: "F1501425-96F7-487B-9588-FDA2DAC3790A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p2:*:*:*:*:*:*", 
matchCriteriaId: "48D95998-9434-4AFF-9983-0D7AC34176A3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p3:*:*:*:*:*:*", matchCriteriaId: "D60BB309-860D-4D74-B08F-F94AFE84C881", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:p4:*:*:*:*:*:*", matchCriteriaId: "F63E864E-6323-41B4-956F-51F9364DFAE2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EC724282-7431-465E-8E60-4037121B8838", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "73151221-C102-4425-9316-1EE4CAAB6531", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "D1E9DDCD-6D22-4175-94EF-D8A5457E7355", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "35AB906F-43CD-4D54-8274-1FD551532E58", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1ADC75F0-B27E-4B15-B829-482FBA0063A5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "D015D670-8AEA-49A3-8D22-9E3009322EB0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "C18F3CC3-9BCF-4DE8-B7CA-59587D5E61F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "E543BC0F-ADFB-4CF2-BC6C-90DC76BE3A95", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "28CE650B-BE03-4EDF-BE27-2FA6657F7A52", vulnerable: true, }, { 
criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "2356A4E6-561B-40CA-8348-B30D581B1E46", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "74509F3F-840E-48B8-88B1-EA4FFB90ACC3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "BE7BD528-628F-4CA9-9FE8-8A79BDC97680", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "26118C2B-78CC-4038-9DEA-7A9417029790", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: "29EBC1DD-6949-4B12-8CA5-EE2BCDB8C4C3", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "4F445D93-D482-4A74-810D-66D78CBCAFED", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "2C9F200C-ECC9-4D51-AFE7-E99C16D09148", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "56B87CB5-0F77-4040-BB58-9DBF5723A4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8.15:*:*:*:*:*:*:*", matchCriteriaId: "F4B3321B-11AD-43EB-867C-FA4FA6A5421E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.9:*:*:*:*:*:*:*", matchCriteriaId: "DFB104CA-55CD-4B9E-A2F7-CC06E57663CB", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4975223D-9E31-4CEC-A4B6-C0996828B855", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*", matchCriteriaId: 
"22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*", matchCriteriaId: "C15C820B-4778-4B8F-8BD8-E996F1D4062D", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "A42E70EE-2E23-4D92-ADE0-9177B9EDD430", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*", matchCriteriaId: "01C91446-4A36-4FCE-A973-3E6F813FABC9", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p1:*:*:*:*:*:*", matchCriteriaId: "58281E62-E350-4B0D-9322-8BA1E1773CB2", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p2:*:*:*:*:*:*", matchCriteriaId: "BF1A152E-5795-4319-BD4D-855DE19C744C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p3:*:*:*:*:*:*", matchCriteriaId: "438FCE7F-035A-4D89-96FE-EE5278C85493", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p4:*:*:*:*:*:*", matchCriteriaId: "80900F2C-7CFA-4C40-A6B5-51E12C3DA187", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p5:*:*:*:*:*:*", matchCriteriaId: "DDE9A060-1D4D-46E5-A34F-CC4CFA260D94", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p6:*:*:*:*:*:*", matchCriteriaId: "33F900E6-AE47-4789-A337-70C6BEF22895", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.6:p7:*:*:*:*:*:*", matchCriteriaId: "AD2E5054-2151-414D-A88F-6697FF280D41", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:-:*:*:*:*:*:*", matchCriteriaId: "3EB09361-372E-4F51-B255-C7D2DB41969F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "A36D6991-3728-4F60-A443-37652DFAA053", vulnerable: true, }, { criteria: 
"cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p10:*:*:*:*:*:*", matchCriteriaId: "4142CC4E-9F0D-4017-8D17-D59FBCEB36F1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p11:*:*:*:*:*:*", matchCriteriaId: "63C0F7CA-5F3C-41D4-AAD6-084643115D85", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p12:*:*:*:*:*:*", matchCriteriaId: "1D16C66D-15BF-4EB8-8D78-DF12A69BD7F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p13:*:*:*:*:*:*", matchCriteriaId: "81C388DC-0941-4D08-8C1C-BD43D9B0DC8F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p14:*:*:*:*:*:*", matchCriteriaId: "45CD14D8-665A-46C5-8387-33FF266822A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p15:*:*:*:*:*:*", matchCriteriaId: "D510329D-B39E-4E2B-AAEC-1FDA7869C9E0", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p16:*:*:*:*:*:*", matchCriteriaId: "4640FE06-4D22-442E-A0E0-76EEFAF6ECB4", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p17:*:*:*:*:*:*", matchCriteriaId: "6A846C69-CA94-4F5E-9E02-69EA6680549E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "F3E63ECF-25CB-4E7F-BF51-B4D7B3541AE6", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "FF14DD4F-6779-4B17-AB1B-D4DE58E7E231", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p4:*:*:*:*:*:*", matchCriteriaId: "7AAEE176-631A-41B9-BC40-93F866DA9D5E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p5:*:*:*:*:*:*", matchCriteriaId: "75C963D5-F2D1-49EE-93B5-CA7FE7EAB98C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p6:*:*:*:*:*:*", matchCriteriaId: 
"9388D932-9818-4A68-9543-B0643166DB2A", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p7:*:*:*:*:*:*", matchCriteriaId: "770A9287-C910-4690-9402-0C0B7BAC8912", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p8:*:*:*:*:*:*", matchCriteriaId: "3F8AC068-D5AC-4042-8A7C-5B95EA0E85F5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.8:p9:*:*:*:*:*:*", matchCriteriaId: "B503F1F7-F439-420D-B465-9A51CCECAB06", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "27948B08-C452-41FB-B41F-6ADB3AAE087E", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB8FB4C-5BBC-420D-84F0-C8424DC25CD7", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CAF1F14C-DB2C-40A8-B899-C127C7ECC0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_entry_appliance:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E87FA9CC-D201-430F-8FE6-8C9A88CEAB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:smartcloud_provisioning:2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4D7F2743-71BB-4011-B919-7E8032B6B72F", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:kvm:*:*:*", matchCriteriaId: "3738FAC6-B90B-4014-9E86-17ED6D19D23D", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:openflow:*:*:*", matchCriteriaId: "35B6634E-4F09-423C-87E7-59D4127CC023", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:software_defined_network_for_virtual_environments:*:*:*:*:vmware:*:*:*", matchCriteriaId: "0A7A7100-A1DA-4191-A4C1-D930829A3DC2", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:starter_kit_for_cloud:2.2.0:*:*:*:*:*:*:*", 
matchCriteriaId: "83739ED7-37F1-4712-8C81-E56F58790240", vulnerable: true, }, { criteria: "cpe:2.3:a:ibm:workload_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "1CDD227E-1F98-4F73-BB65-3820F39127F0", versionEndIncluding: "3.1.0.7", versionStartIncluding: "3.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "EA4B8E11-83D3-4B38-90B6-4C0F536D06B6", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "250AF7A4-8DDF-427C-8BF7-788667908D77", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "22433CE0-9772-48CE-8069-612FF3732C21", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "2569AA28-5C61-4BBD-A501-E1ACFA36837B", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*", matchCriteriaId: "3AB188A2-D7CE-4141-A55A-C074C84E366E", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "DE776097-1DA4-4F27-8E96-61E3D9FFE8D0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*", matchCriteriaId: 
"FE4E5283-0FEE-4F37-9C41-FA695063FF79", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*", matchCriteriaId: "39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*", matchCriteriaId: "73EB6121-62CD-49FC-A1D2-5467B007253C", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*", matchCriteriaId: "97E19969-DD73-42F2-9E91-504E1663B268", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F9CC2E05-5179-4241-A710-E582510EEB0D", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*", matchCriteriaId: "BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3CB18F38-AC6A-406A-A4DD-40688B803744", versionEndExcluding: "1.4.3.5", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE781C8-40F7-4F6D-8FED-8EB3071FE9DB", versionEndExcluding: "1.5.0.4", versionStartIncluding: "1.5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A5AB3395-B458-49F8-A8E3-25FF0C1C3BD3", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1EC57FAE-AD4D-4C9F-97A4-581C977B5FE4", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: 
"AA2ED020-4C7B-4303-ABE6-74D46D127556", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "47A17EE0-7D3E-4CD7-984C-BB17BF6F4BFD", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33A46CF2-392A-4BB9-B4BF-DE8C5228CAAE", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v5000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "9C4EF774-BD92-444D-9583-25DB97CDA4F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*", matchCriteriaId: "F0B69C8D-32A4-449F-9BFC-F1587C7FA8BD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8753BBDB-A858-4A51-A8FD-8DF8DF2734A0", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0FB9850A-3308-4277-A68C-AD418612101E", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3700_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C84D7A48-6745-49D3-AE52-31DD7EEC0D61", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*", matchCriteriaId: "49318A1D-49F6-4CA7-AE31-0EB4B3790CBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4A1A3A3E-5636-4422-9B7B-B3D97989E674", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7384B993-049F-48D7-86D6-FE221C783245", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:storwize_v3500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1DF6129-9CEA-4812-800F-A6FD5095D60E", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*", matchCriteriaId: "7352FACE-C8D0-49A7-A2D7-B755599F0FB3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "79788A89-4152-4B4B-BFF0-518D90EE4D2B", versionEndExcluding: "7.1.0.11", versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "680738C5-63D5-4F60-9610-FD0D87FCBBCA", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:flex_system_v7000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "872E2102-6BE6-42B6-93B0-942B7DABCBDA", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:flex_system_v7000:-:*:*:*:*:*:*:*", matchCriteriaId: "DACA26CF-7C3F-4215-B032-ED9C5EFD57D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E6E31991-DF33-4F00-8430-7B626E8174CE", versionEndExcluding: "7.1.0.11", 
versionStartIncluding: "1.1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B2E25BB0-6F5A-4A7B-9147-D4E17014C747", versionEndExcluding: "7.2.0.9", versionStartIncluding: "7.2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:san_volume_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B80C1675-4948-45DC-B593-EDB1354E42F3", versionEndExcluding: "7.3.0.7", versionStartIncluding: "7.3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:san_volume_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "D5D84487-CEBA-48A0-9B15-A0300D992E3D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE69F8D-5EEE-4BC7-939C-CE71BCD2E11D", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BDEC166F-A967-4616-B9EF-503054EFD197", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "713E71BC-16F5-41E3-9816-74D5E8D8C9A9", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6500:-:*:*:*:*:*:*:*", matchCriteriaId: "4D2487E0-046C-476F-BFF4-EF77D9E856D8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0287F3CD-2151-491D-8BC3-6D3921BE8FFA", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C4179899-87B4-42C3-8245-9A34EC04F6A1", 
versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn6800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B8CED766-9742-4037-8005-F0BDDE9176DD", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn6800:-:*:*:*:*:*:*:*", matchCriteriaId: "C41EEAEC-08AE-4478-8977-5A4D7B48C175", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "298C961D-5E5F-4277-B192-A4C29243BECC", versionEndExcluding: "3.8.0.07", versionStartIncluding: "3.8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E5A76C40-BA90-4FBD-8DFF-4AF8F952963A", versionEndExcluding: "3.9.1.08", versionStartIncluding: "3.9.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:ibm:stn7800_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B0663FBC-01C0-4AD8-A0B8-6097E537D352", versionEndExcluding: "4.1.2.06", versionStartIncluding: "4.1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:ibm:stn7800:-:*:*:*:*:*:*:*", matchCriteriaId: "CE145DE3-3C9B-4949-B6D4-9B259372CCE0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: 
"cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", matchCriteriaId: "0ABC25E5-76CD-469B-879A-B1F7109D0181", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11:*:*:*:*:*:*:*", matchCriteriaId: "98942F6C-330F-459A-B2B4-72572DB4070E", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", matchCriteriaId: "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.2:*:*:*:*:*:*:*", matchCriteriaId: "8C0BAB94-6521-4B57-9E56-A57BA5E20C24", vulnerable: true, }, { criteria: "cpe:2.3:a:novell:zenworks_configuration_management:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3A7788E5-93B9-4149-8823-2ACBA5CF17E0", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:2.0:sp3:*:*:*:linux_kernel:*:*", matchCriteriaId: "B41B4ECD-6F30-46F5-A559-1CEFC7964873", vulnerable: true, }, { criteria: "cpe:2.3:o:novell:open_enterprise_server:11.0:sp2:*:*:*:linux_kernel:*:*", matchCriteriaId: "D42ADCD9-1455-401C-B94F-D367A78A2B97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:checkpoint:security_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "2853A787-E5F1-4455-9482-7C538B80556C", versionEndExcluding: "r77.30", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "79618AB4-7A8E-4488-8608-57EC2F8681FE", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8E910D60-1145-4229-9890-80D2D67C3845", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: 
"CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48BBEF73-E87D-467F-85EB-47BE212DF0E8", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "EE23220D-E364-41B7-A440-43B3AA4A716A", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C483253F-841E-4D4E-9B4A-932E9D07268B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "667D3780-3949-41AC-83DE-5BCB8B36C382", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4F0E7766-BDB4-42AB-B6CC-6B4E86A10038", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "A8347412-DC42-4B86-BF6E-A44A5E1541ED", versionEndIncluding: "10.2.4", versionStartIncluding: "10.1.0", vulnerable: true, }, { 
criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C8942D9D-8E3A-4876-8E93-ED8D201FF546", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7B5AF8C8-578E-4FD7-8BAA-53A57EE4C653", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "06BA93C0-A7AE-4A8E-BD74-08149A204463", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1DF6BB8A-FA63-4DBC-891C-256FF23CBCF0", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3E0D8F52-0EAD-4E02-A8D8-CBAE2CDC703B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "289CEABB-22A2-436D-AE4B-4BDA2D0EAFDB", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C6D61BF2-69D8-4AD2-85CD-D87F640A6888", versionEndIncluding: "11.5.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A06D61-E6CB-4A8A-B06D-9FEA1812C167", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "2C0B4C01-C71E-4E35-B63A-68395984E033", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "9828CBA5-BB72-46E2-987D-633A5B3E2AFF", versionEndIncluding: "11.4.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BB60C39D-52ED-47DD-9FB9-2B4BC8D9F8AC", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "AE007A64-5867-4B1A-AEFB-3AB2CD6A5EA4", versionEndIncluding: "10.2.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7C75978B-566B-4353-8716-099CB8790EE0", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "BC24B891-6DBA-4C02-B4CF-8D1CA53B4B74", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "0BB0FDAC-C49D-4E63-ACA9-7BAD7C93A5D2", versionEndIncluding: "4.4.0", 
versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "3AEB1FC5-1179-4DE9-99A2-D650167A7A60", versionEndIncluding: "4.4.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0ADD1B04-9F78-40B3-8314-6935277073B0", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "482E630B-93A1-4B9B-8273-821C116ADC4F", versionEndIncluding: "3.1.1", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1343FBDC-4BF0-403B-B257-96672F092263", versionEndIncluding: "4.0.5", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "7C138527-73D3-4AEE-BFAB-1D240A585A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8F2EB3D6-EF4C-4241-A31E-3990664004A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8F0CD8F8-26CE-43F0-87EB-A08F1D1EDB25", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D1168D2-93D5-4415-A666-B4BE0B2AC201", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:f5:arx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "48A2FBA9-207F-4F16-932D-BF0BA3440503", versionEndIncluding: "6.4.0", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:f5:arx:-:*:*:*:*:*:*:*", matchCriteriaId: "4C6AC80F-9D91-468D-BEE3-6A0759723673", vulnerable: false, }, ], negate: false, 
operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FF1DB4B7-AFCC-4D56-95BA-C66AB7A36680", versionEndExcluding: "9.3.67.5r1", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "665EF643-3CDC-4518-9693-0D49F0870283", versionEndExcluding: "10.1.129.11r1", versionStartIncluding: "10", vulnerable: true, }, { criteria: "cpe:2.3:o:citrix:netscaler_sdx_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BAE3CC45-49E5-40DE-B5C3-52A754A9C599", versionEndExcluding: "10.5.52.11r1", versionStartIncluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:citrix:netscaler_sdx:-:*:*:*:*:*:*:*", matchCriteriaId: "8968E39A-1E16-4B7F-A16A-190EBC20D04F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "864B5480-704F-4636-A938-7D95AD4223AD", versionEndExcluding: "10.10.0", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:*:*:*:*:*:*:*", matchCriteriaId: "35D34345-0AD1-499C-9A74-982B2D3F305A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_1:*:*:*:*:*:*", matchCriteriaId: "3DF3F07E-6F4E-4B97-B313-7DA3E8A88451", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.0:update_2:*:*:*:*:*:*", matchCriteriaId: "5C98B0EA-7A52-4BDF-90C2-38797FC2B75A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*", matchCriteriaId: "FECF06B5-3915-48F0-A140-41C7A27EE99D", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_1:*:*:*:*:*:*", matchCriteriaId: "BBD8B161-0A07-492F-89E4-7A0BD02F6464", 
vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.1:update_2:*:*:*:*:*:*", matchCriteriaId: "F3E8E0E1-FF63-425D-8C22-86B16CFB7B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:-:*:*:*:*:*:*", matchCriteriaId: "29DF8DD7-B5CC-4152-A726-1D48459068D0", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:vcenter_server_appliance:5.5:update_1:*:*:*:*:*:*", matchCriteriaId: "DB2E2AAD-E221-4227-A41B-DC01BFDFCD6C", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BC337BB7-9A45-4406-A783-851F279130EE", vulnerable: true, }, { criteria: "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", matchCriteriaId: "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, { lang: "es", value: "GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de ciertas definiciones malformadas de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir en ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd de OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en las cuales establecer el entorno ocurre a través de un límite de privilegios respecto a la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271.", }, ], id: "CVE-2014-7169", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: 
"CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-09-25T01:55:04.367", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: 
"http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/58200", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59272", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59737", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: 
"http://secunia.com/advisories/59907", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60024", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60034", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60044", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60055", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60063", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60193", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60325", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60433", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60947", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61065", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61128", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61129", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61188", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61283", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61287", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61291", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61312", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61313", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61328", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: 
"http://secunia.com/advisories/61442", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61471", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61479", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61485", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61503", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61550", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61552", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61565", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61603", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61618", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61619", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61622", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61626", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61633", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61641", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61643", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61654", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61676", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61700", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61703", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: 
"http://secunia.com/advisories/61711", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61715", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61780", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61816", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61855", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61857", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61873", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62228", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62312", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62343", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", 
}, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "cve@mitre.org", tags: [ "Third Party 
Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "cve@mitre.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "cve@mitre.org", tags: [ "Third Party 
Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", 
], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.suse.com/support/shellshock/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], 
url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], 
url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/58200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", 
], url: "http://secunia.com/advisories/60063", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/60947", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61065", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61128", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61291", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61442", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: 
"http://secunia.com/advisories/61471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61618", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61619", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: 
"http://secunia.com/advisories/61676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61700", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61703", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61711", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61715", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61816", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61855", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61857", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/61873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62228", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62312", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/62343", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT6495", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/articles/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/node/1200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: 
"https://kb.bluecoat.com/index?page=content&id=SA82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT6535", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.citrix.com/article/CTX200217", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.citrix.com/article/CTX200223", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/34879/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://www.suse.com/support/shellshock/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-24 00:29
Modified
2024-11-21 04:50
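Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P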
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
References
Impacted products
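| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.32 |
| netapp | element_software | - |
| canonical | ubuntu_linux | 18.04 |
| f5 | traffix_signaling_delivery_controller | * |

Note: the `*` in the f5 row is the wildcard in the CPE version field, not a statement that every release is affected. The match criteria in the record below limit traffix_signaling_delivery_controller to versions 5.0.0 through 5.1.0 inclusive, so check the installed version against that range rather than against the table alone.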
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*", matchCriteriaId: "8A276274-BE53-4BC8-B3E4-3DF151E5FC7D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", }, { lang: "es", value: "Se ha descubierto un problema en GNU Binutils 2.32. 
Es un desbordamiento de búfer basado en memoria dinámica (heap) en process_mips_specific en readelf.c mediante una sección de opción MIPS mal formada.", }, ], id: "CVE-2019-9077", lastModified: "2024-11-21T04:50:56.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-24T00:29:00.597", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107139", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { source: 
"cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K00056379", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4336-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K00056379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4336-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-19 00:15
Modified
2024-11-21 04:21
Severity ?
Summary
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "615F0E94-7028-46AC-8596-B2E2954ABD6E", versionEndExcluding: "4.4.182", versionStartIncluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "1F75BEF6-57E1-47B5-BDF0-0008301F86FD", versionEndExcluding: "4.9.182", versionStartIncluding: "4.9", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "4C4BEC3E-CBB3-4E58-852E-5CB83C138CE4", versionEndExcluding: "4.14.127", versionStartIncluding: "4.14", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "0BEA51EC-8392-483C-B680-1B4E5C2BC2DB", versionEndExcluding: "4.19.52", versionStartIncluding: "4.19", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "CAC35790-3805-476A-9F12-45973E609A23", versionEndExcluding: "5.1.11", versionStartIncluding: "5.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BEBEAED8-341C-4C26-B55D-F6176D7BB2C7", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1845A169-7B6C-4B7D-B8FC-0245DC1B4EEF", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F1212E1D-1A8F-4C6C-9472-22CE48F21B61", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E17D443D-9E5D-4F41-A539-6D7842B21E25", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "55FD34B0-E77C-4C4B-B278-624EF047415D", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7FFA9687-4655-4C45-ACE2-A957457BBD8B", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "270B50ED-8C7C-4FFC-90D2-1F3AE322D2AE", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EA130AF7-C25F-4C0B-ACAF-E7436C722431", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1AE785C8-06CA-4B15-A72D-A7EB0F0895D7", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "58C8E163-2A45-4C64-A7C2-5686C1EB3C78", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "26AFAAA7-73A9-4F50-9028-467ED5781DB4", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C24A8114-31AE-47C2-9FEE-52B69585D56A", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"F9F325BF-D919-4258-A418-7057B1AF7361", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5F3CFB0D-DDA1-4CFF-BAB4-96EF72F4F777", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D4D99030-AEA2-4DDF-AD7D-0ED66913D6FA", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1503B2F8-3549-4E52-87E9-6F0FD91F1428", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "39A6D62D-BD9C-4BEA-B728-4B4E5857E201", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E3922DE9-3D92-484E-9BA2-1C278A6EDECE", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1655EA50-55B6-418A-B2FC-D40A0BFD3C02", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BFA7EEBD-F6F6-4243-B57D-BE210D8E16CF", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "E2596EE8-47D2-41E1-BD32-955D80FD697B", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "44D33B41-F19D-4B46-9F9E-FC03051EBB0C", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "2EA95D57-BBD5-4449-8F62-0B5C53F8E962", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "A6300DC5-7D1F-4098-AD61-2826252A1C63", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AF9F166F-178C-4659-B323-9C6F754EB3D6", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9866C62F-DA11-43B1-B475-A07B1B58933D", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "272A20C4-70D7-43AB-8B62-132466AB1E35", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DE65180C-47C8-41CF-B6C7-181259605B2C", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AC8932E7-68AF-4850-9952-1275856EE198", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D8E67E0B-E542-4863-99D8-B3836ECDC04D", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "9CC75783-D714-4095-8F2B-62AB6F9176B1", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "BC99D7B3-65E5-4C9E-9D34-FF9161295F86", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F439E03A-FCE0-4865-986B-E21D52ED4470", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "54E703A5-F9F1-4DDA-8B70-D3C6F51038B6", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "8D5F5BE5-319B-4358-8301-A59145F5E913", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "A0F6FDF3-A70E-4F37-975F-85735776B4B8", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "89B75BB7-5C62-45C2-8C44-1B52FB6DBAC0", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2C21D1B2-2424-4A56-A179-431EDC41B929", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"19699BA9-2324-40C5-81B9-0EA6A45109AA", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B8BA9BE0-1646-41EF-BCE2-7BD4021196C5", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE32931-B9F0-4907-9370-E31F6862463E", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9A58BD3F-F6D7-4EB3-B108-FEAA39262B75", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1405C4B2-C3BB-4FD9-A0BA-5577B9E6D98E", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "591EA641-C103-4575-97D5-15D41B20E581", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A3F3F4FD-8BB9-468D-B50F-B25B17AF0F3A", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "63529AEA-8B74-4CA1-BADF-14514D243DC5", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1C86750D-6944-4086-B06E-AEB186B6FD16", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5485F6ED-F324-4124-9116-79E70909C5F7", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "7695656A-4E55-46A1-9243-C153C644C6F6", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "95EDA820-6FDE-44B9-89CE-B83847416CF4", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "6FEAA997-2F7E-4E93-AEAA-33215A6C09A9", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "A0E47FF6-A851-4588-9F39-B292D4147AE6", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "4971E086-5B5B-45A9-9940-1241027D72C5", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "AEEB875C-E0EC-467B-9296-861F042AED67", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EE38A138-9145-4803-BB72-A86DD0C6036A", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"DFF4B95E-40C6-4C8F-81BD-172A907CA5FD", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "67AA4DB9-A5B6-4AF2-B6FC-3C21913264BD", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D960933D-9476-4473-A3FB-0032C051BE50", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D8C2837A-1DB2-4FD1-831A-9C2F3D5FF171", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AFFE4B6E-DB23-45FB-9075-FC6B52FC18FC", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "935B69E4-BE3C-48C8-952B-8234BFFF9264", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "09F6EC13-4398-48CB-B999-14FABE281247", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "E606B713-528D-4C6D-98C4-E9A93DB7A8E8", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "0FA8C03D-3661-446D-B502-BEB52B7B6305", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: 
"F36620C8-27C9-43A3-9C97-788145D509D9", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "28054725-6775-4AEE-B686-FB690894D1C6", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "BF928EA3-2883-4679-BF98-5B064DD19F3A", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E7DEDB9D-58DB-45EB-91EA-8A6694E4F29A", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "34F29398-32A5-48F6-B144-B184BFFB1034", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "678B7FC3-6796-4159-BF2B-8FAD49E0F566", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "59ABE79F-7C3E-4244-BD2B-F9CC3A3A71E4", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FC4E7530-C750-4AE5-A98D-12F3E3819869", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "4D1D81B3-B059-41A7-9DD1-101A2E199005", versionEndExcluding: "11.6.5.1", versionStartIncluding: "11.5.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", 
matchCriteriaId: "E69B6320-088E-445D-8863-34CF67F172F3", versionEndExcluding: "12.1.5.1", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "21987539-682A-4F8F-9FE7-526A054705FF", versionEndExcluding: "13.1.3.2", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A7B34FC0-168E-4CA8-B1F4-BDC0D2213280", versionEndExcluding: "14.0.1.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B3C12B9E-4995-47A2-8E3B-089C096469E8", versionEndExcluding: "14.1.2.1", versionStartIncluding: "14.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "BCB0A0A1-244E-432F-8144-9770CC4AB696", versionEndExcluding: "15.0.1.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "928A7D30-8099-47B8-A1D2-A4997F54C1C2", versionEndIncluding: "5.4.0", versionStartIncluding: "5.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D3CE7526-9630-48EF-81FB-44904AF0653F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.", }, { lang: "es", value: "Jonathan Looney descubrió que el tamaño máximo de segmento (MSS) por defecto del kernel de Linux está codificado a 48 bytes. Esto permite a un peer remoto fragmentar las colas de reenvío de TCP significativamente más que si se aplicara un MSS más grande. Un atacante remoto podría usar esto para causar una denegación de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en los commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 y 5f3e2bf008c2221478101ee72f5cb4654b9fc363.", }, ], id: "CVE-2019-11479", lastModified: "2024-11-21T04:21:09.880", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security@ubuntu.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", 
integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-19T00:15:12.767", references: [ { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108818", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Patch", 
"Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", }, { source: "security@ubuntu.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K35421172", }, { source: "security@ubuntu.com", url: "https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4041-1/", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4041-2/", }, { source: "security@ubuntu.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "security@ubuntu.com", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: 
"https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/108818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K35421172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4041-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4041-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-405", }, ], source: "security@ubuntu.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-29 17:15
Modified
2024-11-21 04:24
Severity ?
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnupg | gnupg | * | |
sks_keyserver_project | sks_keyserver | * | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
f5 | traffix_signaling_delivery_controller | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", matchCriteriaId: "3BE9A5D9-E6DA-4C10-B054-DCFA4B5A2FE0", versionEndIncluding: "2.2.16", vulnerable: true, }, { criteria: "cpe:2.3:a:sks_keyserver_project:sks_keyserver:*:*:*:*:*:*:*:*", matchCriteriaId: "AB5F6B3A-38B8-4B82-A29A-B4F2609FC795", versionEndIncluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. 
Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, { lang: "es", value: "La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración keyserver de GnuPG que se refiera a un host en la red SKS keyserver. La recuperación de datos de esta red puede causar una denegación de servicio persistente, debido a un Ataque de Spamming de Certificado.", }, ], id: "CVE-2019-13050", lastModified: "2024-11-21T04:24:06.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-29T17:15:08.627", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { source: "cve@mitre.org", 
url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K08654551", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K08654551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-26 13:15
Modified
2024-11-21 04:25
Severity ?
Summary
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openldap | openldap | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
debian | debian_linux | 8.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
f5 | traffix_signaling_delivery_controller | 5.0.0 | |
f5 | traffix_signaling_delivery_controller | 5.1.0 | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
oracle | blockchain_platform | * | |
oracle | zfs_storage_appliance_kit | 8.8 | |
oracle | solaris | 11 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*", matchCriteriaId: "F3906A1D-2621-411B-A0C7-712212F1995A", versionEndIncluding: "2.4.47", versionStartIncluding: "2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*", matchCriteriaId: "B85E9B9B-ADDB-4D2F-A857-685BD30CE856", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BD2438E2-0693-45E0-998E-0E9010525E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:5.1.0:*:*:*:*:*:*:*", matchCriteriaId: "42836A1C-81BB-4F80-9E32-EEE0DAA18D26", vulnerable: true, }, ], 
negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "760AE295-2E39-4DA3-A384-01A5D4A131AD", versionEndExcluding: "10.13.6", versionStartIncluding: "10.13", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "6DE2B03F-94EE-4E32-B366-FE31A7031403", versionEndExcluding: "10.14.6", versionStartIncluding: "10.14", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "2FA153AE-DA41-4A04-B1B1-328ACA29689B", versionEndExcluding: "10.15.2", versionStartIncluding: "10.15", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:*:*:*:*:*:*:*", matchCriteriaId: "04D7DAFB-DEE4-4A71-A27C-0E34426AACE0", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", matchCriteriaId: "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", matchCriteriaId: "0D845143-1B4D-478B-B83E-8F1664CBCAC3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", matchCriteriaId: "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", matchCriteriaId: "0DF528F7-0F1E-4E55-A088-91327E3C360C", vulnerable: true, }, { criteria: 
"cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", matchCriteriaId: "E222445A-D398-47C8-9639-4BAE36B69AA1", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", matchCriteriaId: "9425DAC8-038D-4B09-A074-3780AED912FA", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", matchCriteriaId: "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", matchCriteriaId: "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", matchCriteriaId: "D0DBC938-A782-433F-8BF1-CA250C332AA7", versionEndExcluding: "21.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", matchCriteriaId: "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", }, { lang: "es", value: "Se detectó un problema en OpenLDAP versiones 2.x anteriores a 2.4.48. 
Cuando se utiliza la autenticación SASL y el cifrado de sesión y confiando en las capas de seguridad SASL en los controles de acceso slapd, es posible obtener acceso que, de lo contrario, se denegaría por medio de un enlace simple para cualquier identidad cubierta en esas ACL. Una vez completado el primer enlace SASL, se conserva el valor sasl_ssf para todas las nuevas conexiones que no sean SASL. Dependiendo de la configuración de ACL, esto puede afectar a diferentes tipos de operaciones (búsquedas, modificaciones, etc.). En otras palabras, un paso de autorización completado con éxito por un usuario afecta al requisito de autorización para un usuario diferente.", }, ], id: "CVE-2019-13565", lastModified: "2024-11-21T04:25:11.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-26T13:15:12.720", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third 
Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4078-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4078-2/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.openldap.org/its/index.cgi/?findid=9052", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4078-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], 
url: "https://usn.ubuntu.com/4078-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.openldap.org/its/index.cgi/?findid=9052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-23 12:15
Modified
2024-11-21 04:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linux | linux_kernel | * | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
f5 | traffix_signaling_delivery_controller | * | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "E0C02F8E-5352-428C-AF29-EEC37F1C9FC9", versionEndExcluding: "5.2.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.", }, { lang: "es", value: "En el kernel de Linux versiones anteriores a 5.2.14, la función rds6_inc_info_copy en el archivo net/rds/recv.c permite a atacantes obtener información confidencial de la memoria de la pila del kernel porque los campos tos y flags no están inicializados.", }, ], id: "CVE-2019-16714", lastModified: "2024-11-21T04:31:02.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: 
"Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-23T12:15:10.847", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/24/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/25/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191031-0005/", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4157-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4157-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/24/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/09/25/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Mailing List", "Vendor Advisory", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20191031-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4157-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4157-2/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-909", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", 
matchCriteriaId: "14A4E46D-F0DB-4201-9102-EC89FACBE780", versionEndIncluding: "5.4.0", versionStartIncluding: "5.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2B589C35-55F2-4D40-B5A6-8267EE20D627", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5761ADC0-5F98-4727-B2DE-9299C9CE6BD8", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3B5688-0235-4D4F-A26C-440FF24A1B43", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6FCB6C17-33AC-4E5E-8633-7490058CA51F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D6A53E3C-3E09-4100-8D5A-10AD4973C230", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "69450774-EFFB-4EB1-8321-2197CE379B49", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"151ED6D1-AA85-4213-8F3A-8167CBEC4721", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6F1C68BC-A3EF-4205-AD00-68CB3A8C65AF", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "925049D0-082E-4CED-9996-A55620A220CF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCAE28C2-0ADD-4FD0-A520-EFB764164DD8", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "E64E043B-3418-45C8-B2BB-F1611E7525A3", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "4AC8FD5C-AE1A-4484-BB6F-EBB6A48D21F8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "36A213C6-D6E4-4F38-989D-81D3DFC11829", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "58A03238-74CE-4575-856E-502AEC669489", versionEndIncluding: "11.6.5", versionStartIncluding: 
"11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9DC86A5F-C793-4848-901F-04BFB57A07F6", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0772A366-87B9-40EC-9F63-AE0FF0EF5002", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "037C035C-9CFC-4224-8264-6132252D11FD", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "59D9F39B-206B-4E76-A811-1CAA705A60EE", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "0FEC23E9-FF6F-4019-8C85-4993663F7276", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8A53C692-D353-42E3-9148-F850DA11884F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "70099A38-3B84-4C40-8590-BE6C8F7C21A7", versionEndIncluding: "15.0.1", 
versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "55BFE22B-204D-4DD7-8EB3-8AC068EEE84C", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "55C2EC23-E78F-4447-BACF-21FC36ABF155", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A35AC237-573B-4309-87EF-3945FA2449BF", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "46712630-407A-4E61-B62F-3AB156353A1D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "1DE40473-ABAE-4D91-8EBB-FB5719E107F6", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "E8DBD757-75E0-48EB-B224-BFBEFF3B9487", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "0D879CE9-E793-41A5-8C20-9BE90BCB012C", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5B85324E-B26B-4B31-B4D0-43438546A411", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "5A72C0B5-2AD5-4CA2-8F1A-C389E5578B20", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "945A19E8-51EB-42FE-9BF1-12DAC78B5286", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "0B6C3F50-BD60-4A8C-8DBB-680DA4D6BE6D", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC39F6EE-478A-4638-B97D-3C25FD318F3D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "18B5A918-F9AA-4889-94A7-33E6E54CF383", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B2B7A18A-A9D6-42E5-89F7-F12D1E2866E3", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FB07E847-6083-4CC8-8A62-6B9744B87088", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5C556587-6963-49CF-8A2B-00431B386D78", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EF606356-8191-478D-AF60-D48A408CD9ED", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D1F09706-85BC-43BE-8C4C-91E566258777", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "B7725810-66D2-4460-A174-9F3BFAD966F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0620AA57-83D1-41E6-8ABB-99F3FABB10F0", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "FA3E37E6-64B9-4668-AC01-933711E1C934", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A81BB4CC-CA19-4C95-9F70-60D393B2AE50", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD760FE-4347-4D36-B5C6-4009398060F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"BF552D91-612A-43E1-B2D6-02E2515FEA22", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C95403E8-A078-47E8-9B2F-F572D24C79EF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8CCD3CF9-EA9D-43FF-8ADA-713B4B5C468E", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E971DDD5-7F8D-42A8-8738-052B9A3395FB", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6704F0A6-16E2-4C2D-B5BD-EDDEAD5C153C", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EC6612AB-E46B-4A8B-9B3E-C711D8C27962", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "FD6796A4-5902-4B8B-9765-79BD6B3D2536", versionEndIncluding: "11.6.5", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", 
versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "9F8860F9-2599-4463-AD42-7AF1FD64819B", versionEndIncluding: "13.1.3", versionStartIncluding: "13.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "BF378F37-554E-498A-8471-48F7544A231F", versionEndIncluding: "15.0.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D3CE7526-9630-48EF-81FB-44904AF0653F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", }, { lang: "es", value: "El analizador FRF.16 en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-fr.c:mfr_print().", }, ], id: "CVE-2018-14468", lastModified: "2024-11-21T03:49:08.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", 
version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:11.930", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", 
url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&%3Butm_medium=RSS", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify and once to receive one), OpenSSL can respond differently to the calling application depending on whether a 0-byte record is received with invalid padding or with an invalid MAC. If the application then behaves differently based on that response in a way that is detectable to the remote peer, this amounts to a padding oracle that could be used to decrypt data. For this to be exploitable, "non-stitched" ciphersuites must be in use (stitched ciphersuites are optimised implementations of certain commonly used ciphersuites), and the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this, but some do anyway). Fixed in OpenSSL 1.0.2r (affected: 1.0.2 through 1.0.2q).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", matchCriteriaId: "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC", versionEndExcluding: "1.0.2r", versionStartIncluding: "1.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", matchCriteriaId: "BD075607-09B7-493E-8611-66D041FFDA62", versionStartIncluding: "7.3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", matchCriteriaId: "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", versionStartIncluding: "9.5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*", matchCriteriaId: "4E878102-1EA0-4D83-9F36-955DCF902211", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", matchCriteriaId: "62347994-1353-497C-9C4A-D5D8D95F67E8", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*", matchCriteriaId: "893C0367-DD1A-4754-B9E0-4944344108EC", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "C18CA4B5-28FD-4199-B1F0-B1E59E920370", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*", matchCriteriaId: "EB2FB857-5F1F-46E5-A90C-AFB990BF1660", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", matchCriteriaId: "0A4D418D-B526-46B9-B439-E1963BF88C0A", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*", matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "361B791A-D336-4431-8F68-8135BEFFAEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", matchCriteriaId: "146A767F-DC04-454B-9913-17D3A2B5AAA4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", matchCriteriaId: "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", matchCriteriaId: "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", matchCriteriaId: "61D7EF01-F618-497F-9375-8003CEA3D380", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", matchCriteriaId: "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*", matchCriteriaId: "F74F467A-0C81-40D9-BA06-40FB8EF02C04", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", matchCriteriaId: "D239B58A-9386-443D-B579-B56AE2A500BC", versionEndIncluding: "9.0.4", versionStartIncluding: "9.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", matchCriteriaId: "8ADFF451-740F-4DBA-BD23-3881945D3E40", vulnerable: true, }, { criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3B5688-0235-4D4F-A26C-440FF24A1B43", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"706316DC-8C24-4D9E-B7B4-F62CB52106B8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "151ED6D1-AA85-4213-8F3A-8167CBEC4721", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "925049D0-082E-4CED-9996-A55620A220CF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "830028B5-9BAF-439C-8166-1053C0CB9836", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "22C64069-68D1-445F-B20D-FD1FF8DB0F71", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "6D87C038-B96D-4EA8-AB03-0401B2C9BB24", versionEndIncluding: "14.1.2", 
versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "01BC2A57-030F-4A13-B584-BE2627EA3FE7", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9DC86A5F-C793-4848-901F-04BFB57A07F6", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "037C035C-9CFC-4224-8264-6132252D11FD", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FD91F1A1-67F5-4547-848B-21664A9CC685", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "10367A28-787A-4FAB-80AD-ADD67A751732", versionEndIncluding: "15.1.0", 
versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "55C2EC23-E78F-4447-BACF-21FC36ABF155", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "46712630-407A-4E61-B62F-3AB156353A1D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "21E18EA5-2210-41B1-87B0-55AB16514FE2", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "EFFCCCFF-8B66-4C8B-A99A-32964855EF98", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5D0BD10F-735D-4442-828B-0B90207ABEAD", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "448BB033-AE0F-46A0-8E98-3A6AE36EADAE", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "CC06609D-C362-4214-8487-2278161B5EAD", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "945A19E8-51EB-42FE-9BF1-12DAC78B5286", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: 
"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "2008DD47-CC1D-430F-8478-E90617F5F998", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC39F6EE-478A-4638-B97D-3C25FD318F3D", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "317C50A2-FE92-4C78-A94A-062274E6A6A8", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EB5007D0-BBDB-4D74-9C88-98FBA74757D1", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "389B6330-3041-4892-97D5-B5A6D9CE1487", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5C556587-6963-49CF-8A2B-00431B386D78", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D748001D-340C-45C4-A2D0-0575538C5CEC", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "B7725810-66D2-4460-A174-9F3BFAD966F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", 
matchCriteriaId: "572B1078-60C4-4A71-A0F4-2E2F4FBC4102", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "0371EB7C-3D41-4B8C-8FA9-DC6F42442448", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFD760FE-4347-4D36-B5C6-4009398060F2", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FB7588DA-75D3-4374-8871-D92E95509C91", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C95403E8-A078-47E8-9B2F-F572D24C79EF", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "65B76F53-7D8B-477E-8B6E-91AC0A9009FF", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: 
"0585424E-3F74-400E-8199-ED964317F89F", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B", versionEndIncluding: "12.1.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F", versionEndIncluding: "13.1.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64", versionEndIncluding: "14.1.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D7722F39-9B7E-4267-B757-B9570B039323", versionEndIncluding: "15.1.0", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", versionEndIncluding: "7.1.0", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", matchCriteriaId: "427DA624-2397-4A61-A2ED-23F5C22C174E", versionEndIncluding: "8.2.3", vulnerable: true, 
}, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB30733E-68FC-49C4-86C0-7FEE75C366BF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*", matchCriteriaId: "6361DAC6-600F-4B15-8797-D67F298F46FB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*", matchCriteriaId: "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*", matchCriteriaId: "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "4F2D2745-242C-4603-899E-70C9025BDDD2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: 
"cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*", matchCriteriaId: "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B7FD1DA9-7980-4643-B378-7095892DA176", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*", matchCriteriaId: "347E9E3E-941C-4109-B59F-B9BB05486B34", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "AD661062-0D5B-4671-9D92-FEF8D7395C1E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*", matchCriteriaId: "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "B36CECA5-4545-49C2-92EB-B739407B207F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*", matchCriteriaId: "D8E7549A-DE35-4274-B3F6-22D51C7A6613", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*", 
matchCriteriaId: "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE", versionEndIncluding: "5.6.4", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*", matchCriteriaId: "02630E85-191E-4C58-B81B-4DAF93A26856", versionEndExcluding: "6.0.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*", matchCriteriaId: "65D5476E-FBF9-474B-87E1-B6459E52736C", versionEndExcluding: "3.0.0", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "DDD5E877-978C-4A16-B6C5-41A30D020B54", versionEndExcluding: "9.0.0", versionStartIncluding: "7.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E0F04157-FB34-4F22-B328-6BE1F2373DEE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", matchCriteriaId: "BB28F9AF-3D06-4532-B397-96D7E4792503", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: 
"142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", matchCriteriaId: "33C068A4-3780-4EAB-A937-6082DF847564", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", matchCriteriaId: "A5553591-073B-45E3-999F-21B8BA2EEE22", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "523CD57C-43D4-4C79-BA00-A9A65C6588E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "77C3DD16-1D81-40E1-B312-50FBD275507C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", matchCriteriaId: "81DAC8C0-D342-44B5-9432-6B88D389584F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "C4534CF9-D9FD-4936-9D8C-077387028A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", matchCriteriaId: "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", matchCriteriaId: "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "D8EDA23C-7F75-4712-AF3F-B0E3597810B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*", matchCriteriaId: "5D139E52-0528-4D05-8502-1AB9AB10CA9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*", matchCriteriaId: "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*", matchCriteriaId: "C05190B9-237F-4E2E-91EA-DB1B738864AD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*", matchCriteriaId: "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*", matchCriteriaId: "B59717B5-34D5-4C83-904A-884ED30DFC19", vulnerable: 
true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*", matchCriteriaId: "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*", matchCriteriaId: "4E28B437-64A8-456C-98A1-4ADF5B6A2F60", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*", matchCriteriaId: "2D705705-0D0D-468B-A140-C9A1B7A6CE6F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*", matchCriteriaId: "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", matchCriteriaId: "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*", matchCriteriaId: "DB290045-2140-47EE-9BB4-35BAE8F1599C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "98F3E643-4B65-4668-BB11-C61ED54D5A53", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CDCE0E90-495E-4437-8529-3C36441FB69D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", matchCriteriaId: "37209C6F-EF99-4D21-9608-B3A06D283D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*", matchCriteriaId: "83800E2F-804C-485D-A8FA-F4B32CDB4548", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "60BEB1C6-C279-4BB0-972C-BE28A6605C09", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*", matchCriteriaId: "0B1CAD50-749F-4ADB-A046-BF3585677A58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9", versionEndIncluding: "5.6.43", versionStartIncluding: "5.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "CA988288-7D0C-4ADE-BE61-484D2D555A8A", versionEndIncluding: "5.7.25", versionStartIncluding: "5.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408", versionEndIncluding: "8.0.15", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "DFBC7A65-3C0B-4B17-B087-250E69EE5B12", versionEndIncluding: "4.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "A443D73A-63BE-4D1F-B605-0F7D20915518", versionEndIncluding: "8.0.14", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", matchCriteriaId: "71CD99E7-3FE7-42E2-B480-7AA0E543340E", versionEndIncluding: "8.0.16", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", matchCriteriaId: "B5265C91-FF5C-4451-A7C2-D388A65ACFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*", matchCriteriaId: "62DAD71E-A6D5-4CA9-A016-100F2D5114A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "F457852F-D998-4BCF-99FE-09C6DFC8851A", versionEndExcluding: "7.1.15", versionStartIncluding: "7.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "ACA311D7-0ADC-497A-8A47-5AB864F201DE", versionEndExcluding: "8.0.20", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500", versionEndExcluding: "8.1.8", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", matchCriteriaId: "AD1987BB-8F42-48F0-8FE2-70ABD689F434", versionEndExcluding: "9.0.2", versionStartIncluding: "9.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "D107EC29-67E7-40C3-8E5A-324C9105C5E4", versionEndIncluding: "6.8.1", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36", versionEndExcluding: "6.17.0", versionStartIncluding: "6.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", matchCriteriaId: "74FB695D-2C76-47AB-988E-5629D2E695E5", versionEndIncluding: "8.8.1", versionStartIncluding: "8.0.0", vulnerable: true, 
}, { criteria: "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", matchCriteriaId: "A94F4836-1873-43F4-916E-9D9B302A053A", versionEndExcluding: "8.15.1", versionStartIncluding: "8.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, { lang: "es", value: "Si una aplicación encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de éstos), posteriormente OpenSSL puede responder de manera diferente a la aplicación llamante si un registro de 0 byte se recibe con un relleno inválido, comparado con si un registro de 0 bytes se recibe con un MAC inválido.", }, ], id: "CVE-2019-1559", lastModified: "2024-11-21T04:36:48.960", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-27T23:29:00.277", references: [ { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", 
"Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107174", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "openssl-security@openssl.org", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { source: "openssl-security@openssl.org", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "openssl-security@openssl.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { source: "openssl-security@openssl.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K18549143", }, { source: "openssl-security@openssl.org", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3899-1/", }, { source: "openssl-security@openssl.org", tags: [ "Broken Link", ], url: "https://usn.ubuntu.com/4376-2/", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { source: "openssl-security@openssl.org", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, 
{ source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "openssl-security@openssl.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-02", }, { source: "openssl-security@openssl.org", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-03", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201903-10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K18549143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3899-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://usn.ubuntu.com/4376-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.tenable.com/security/tns-2019-03", }, ], sourceIdentifier: "openssl-security@openssl.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-03 16:15
Modified
2024-11-21 03:49
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
tcpdump | tcpdump | * | |
f5 | traffix_signaling_delivery_controller | * | |
tcpdump | tcpdump | * | |
apple | mac_os_x | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*", matchCriteriaId: "CA59BD9C-6C0C-4584-A8CC-8C652E9D36AF", versionEndExcluding: "4.9.3", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", matchCriteriaId: "F15588EA-D854-4694-97C6-53D9AA8B6F2D", versionEndExcluding: "10.15.2", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", }, { lang: "es", value: "El analizador ICMP en tcpdump versiones anteriores a 4.9.3, presenta una lectura excesiva del búfer en print-icmp.c:icmp_print().", }, ], id: "CVE-2018-14462", lastModified: "2024-11-21T03:49:07.383", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-03T16:15:11.490", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4252-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.apple.com/kb/HT210788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4252-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4547", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-02 14:29
Modified
2024-11-21 04:01
Severity
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/106444 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:3352 | ||
cve@mitre.org | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://support.f5.com/csp/article/K62602089 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106444 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3352 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K62602089 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | binutils | 2.31.1 | |
f5 | traffix_signaling_delivery_controller | * | |
f5 | traffix_signaling_delivery_controller | 4.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*", matchCriteriaId: "A8A2A091-F7E8-438C-8DE8-788A1DD5D11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", }, { lang: "es", value: "La función demangle_template en cplus-dem.c en GNU libiberty, como se distribuyó en la versión 2.31.1, tiene una fuga de memoria mediante una cadena manipulada, provocando una denegación de servicio (consumo de memoria), tal y como queda demostrado con cxxfilt. 
Este problema está relacionado con CVE-2018-12698.", }, ], id: "CVE-2018-20657", lastModified: "2024-11-21T04:01:56.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-02T14:29:00.313", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106444", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:3352", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K62602089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3352", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party 
Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K62602089", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-24 00:29
Modified
2024-11-21 04:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | binutils | 2.32 | |
netapp | element_software_management | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
f5 | traffix_signaling_delivery_controller | * (5.0.0 through 5.1.0, per the CPE match criteria in the record below) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:binutils:2.32:*:*:*:*:*:*:*", matchCriteriaId: "8A276274-BE53-4BC8-B3E4-3DF151E5FC7D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:element_software_management:*:*:*:*:*:*:*:*", matchCriteriaId: "EBFBFB4E-12C9-4AFF-9194-B8D1D01EA6E2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "4E52F91D-3F39-4D89-8069-EC422FB1F700", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", }, { lang: "es", value: "Se ha descubierto una vulnerabilidad en GNU libiberty, tal y como se distribuye en GNU Binutils 2.32. 
Es una sobrelectura de búfer basada en memoria dinámica (heap) en d_expression_1 en cp-demangle.c tras numerosas llamadas recursivas.", }, ], id: "CVE-2019-9070", lastModified: "2024-11-21T04:50:55.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-24T00:29:00.237", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107147", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", 
], url: "https://support.f5.com/csp/article/K13534168", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4326-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4336-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202107-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K13534168", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4326-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4336-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-1320
Vulnerability from cvelistv5
Published
2019-01-07 18:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
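Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings, making the validation incomplete. Java assert statements are evaluated only when the JVM is started with assertions enabled (the -ea flag), which is off by default, so on a typical production JVM the handshake-completion check never runs.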
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Thrift | Version: Apache Thrift 0.5.0 to 0.11.0 | ||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:59:37.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E", }, { name: "106551", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106551", }, { name: "[debian-lts-announce] 20190206 [SECURITY] [DLA 1662-1] libthrift-java security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html", }, { name: "[infra-devnull] 20190324 [GitHub] [thrift] luciferous opened pull request #1771: THRIFT-4506: fix use of assert for correctness in Java SASL negotiation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K36361684", }, { name: "[storm-dev] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E", }, { name: "[storm-user] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E", }, { name: "[announce] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E", }, { name: "[oss-security] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/24/3", }, { name: "RHSA-2019:2413", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15422) CVE-2018-1320(The libthrift component is vulnerable to Improper Access Control) on Cassendra 3.11.4", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E", }, { 
name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Assigned] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210323 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15424) 
CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Comment Edited] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Thrift", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Thrift 0.5.0 to 0.11.0", }, ], }, ], datePublic: "2019-01-07T00:00:00", descriptions: [ { lang: "en", value: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. 
An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Authentication", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-24T16:06:13", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3%40%3Cuser.thrift.apache.org%3E", }, { name: "106551", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106551", }, { name: "[debian-lts-announce] 20190206 [SECURITY] [DLA 1662-1] libthrift-java security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html", }, { name: "[infra-devnull] 20190324 [GitHub] [thrift] luciferous opened pull request #1771: THRIFT-4506: fix use of assert for correctness in Java SASL negotiation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K36361684", }, { name: "[storm-dev] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f%40%3Cdev.storm.apache.org%3E", }, { name: "[storm-user] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc%40%3Cuser.storm.apache.org%3E", }, { name: "[announce] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ 
"mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80%40%3Cannounce.apache.org%3E", }, { name: "[oss-security] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/24/3", }, { name: "RHSA-2019:2413", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15422) CVE-2018-1320(The libthrift component is vulnerable to Improper Access Control) on Cassendra 3.11.4", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15424) 
CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Assigned] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be%40%3Ccommits.cassandra.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210323 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Comment Edited] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3%40%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5%40%3Ccommits.cassandra.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2018-1320", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Thrift", version: { version_data: [ { version_value: "Apache Thrift 0.5.0 to 0.11.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. 
An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Authentication", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/da5234b5e78f1c99190407f791dfe1bf6c58de8d30d15974a9669be3@%3Cuser.thrift.apache.org%3E", }, { name: "106551", refsource: "BID", url: "http://www.securityfocus.com/bid/106551", }, { name: "[debian-lts-announce] 20190206 [SECURITY] [DLA 1662-1] libthrift-java security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00008.html", }, { name: "[infra-devnull] 20190324 [GitHub] [thrift] luciferous opened pull request #1771: THRIFT-4506: fix use of assert for correctness in Java SASL negotiation", refsource: "MLIST", url: "https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9@%3Cdevnull.infra.apache.org%3E", }, { name: "https://support.f5.com/csp/article/K36361684", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K36361684", }, { name: "[storm-dev] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/dbe3a39b48900318ad44494e8721f786901ba4520cd412c7698f534f@%3Cdev.storm.apache.org%3E", }, { name: "[storm-user] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", refsource: "MLIST", url: "https://lists.apache.org/thread.html/dfee89880c84874058c6a584d8128468f8d3c2ac25068ded91073adc@%3Cuser.storm.apache.org%3E", }, { name: "[announce] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/e825ff2f4e129c0ecdb6a19030b53c1ccdf810a8980667628d0c6a80@%3Cannounce.apache.org%3E", }, { name: "[oss-security] 20190724 [CVE-2018-1320] Apache Storm vulnerable Thrift version", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/24/3", }, { name: "RHSA-2019:2413", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2413", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15422) CVE-2018-1320(The libthrift component is vulnerable to Improper Access Control) on Cassendra 3.11.4", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/6b07f6f618155c777191b4fad8ade0f0cf4ed4c12a1a746ce903d816@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20191119 [jira] [Assigned] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/8be5b16c02567fff61b1284e5df433a4e38617bc7de4804402bf62be@%3Ccommits.cassandra.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210323 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2278846f7ab06ec07a0aa31457235e0ded9191b216cba55f3f315f16@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r261972a3b14cf6f1dcd94b1b265e9ef644a38ccdf0d0238fa0c4d459@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Comment Edited] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper 
Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r09c3dcdccf4b74ad13bda79b354e6b793255ccfe245cca1b8cee23f5@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210415 [jira] [Commented] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3d71a6dbb063aa61ba81278fe622b20bfe7501bb3821c27695641ac3@%3Ccommits.cassandra.apache.org%3E", }, { name: "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15424) CVE-2018-1320 (The libthrift component is vulnerable to Improper Access Control)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1015eaadef8314daa9348aa423086a732cfeb998ceb5d42605c9b0b5@%3Ccommits.cassandra.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2018-1320", datePublished: "2019-01-07T18:00:00", dateReserved: "2017-12-07T00:00:00", dateUpdated: "2024-08-05T03:59:37.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2002-20001
Vulnerability from cvelistv5
Published
2021-11-11 00:00
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. Because the scenario depends on the server accepting DHE key exchange, the first things to check on an affected server are whether DHE cipher suites need to be offered at all and which group sizes are permitted.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T04:06:55.288Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Balasys/dheater", }, { tags: [ "x_transferred", ], url: "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", }, { tags: [ "x_transferred", ], url: "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", }, { tags: [ "x_transferred", ], url: "https://github.com/mozilla/ssl-config-generator/issues/162", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/support/kb/doc/?id=000020510", }, { tags: [ "x_transferred", ], url: "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", }, { tags: [ "x_transferred", ], url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", }, { tags: [ "x_transferred", ], url: "https://support.f5.com/csp/article/K83120834", }, { tags: [ "x_transferred", ], url: "https://dheatattack.com", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/dheatattack/dheater", }, { tags: [ "x_transferred", ], url: "https://dheatattack.gitlab.io/", }, { tags: [ "x_transferred", ], url: "https://ieeexplore.ieee.org/document/10374117", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. 
The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-23T06:51:09.585Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Balasys/dheater", }, { url: "https://www.researchgate.net/profile/Anton-Stiglic-2/publication/2401745_Security_Issues_in_the_Diffie-Hellman_Key_Agreement_Protocol", }, { url: "https://www.reddit.com/r/netsec/comments/qdoosy/server_overload_by_enforcing_dhe_key_exchange/", }, { url: "https://github.com/mozilla/ssl-config-generator/issues/162", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf", }, { url: "https://www.suse.com/support/kb/doc/?id=000020510", }, { url: "https://www.openssl.org/blog/blog/2022/10/21/tls-groups-configuration/", }, { url: "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-004.txt", }, { url: "https://support.f5.com/csp/article/K83120834", }, { url: "https://dheatattack.com", }, { url: "https://gitlab.com/dheatattack/dheater", }, { url: "https://dheatattack.gitlab.io/", }, { url: "https://ieeexplore.ieee.org/document/10374117", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2002-20001", datePublished: "2021-11-11T00:00:00.000Z", dateReserved: "2021-11-11T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:06.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9077
Vulnerability from cvelistv5
Published
2019-02-24 00:00
Modified
2024-08-04 21:38
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
References
URL | Tags | |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=24243 | x_refsource_MISC | |
http://www.securityfocus.com/bid/107139 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190314-0003/ | x_refsource_CONFIRM | |
https://support.f5.com/csp/article/K00056379 | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4336-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:38:46.345Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", }, { name: "107139", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107139", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K00056379", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4336-1/", }, { name: "openSUSE-SU-2020:1790", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", }, { name: "openSUSE-SU-2020:1804", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-23T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:51", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", }, { name: "107139", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107139", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K00056379", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4336-1/", }, { name: "openSUSE-SU-2020:1790", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", }, { name: "openSUSE-SU-2020:1804", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9077", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in GNU Binutils 2.32. 
It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24243", }, { name: "107139", refsource: "BID", url: "http://www.securityfocus.com/bid/107139", }, { name: "https://security.netapp.com/advisory/ntap-20190314-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { name: "https://support.f5.com/csp/article/K00056379", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K00056379", }, { name: "USN-4336-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4336-1/", }, { name: "openSUSE-SU-2020:1790", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html", }, { name: "openSUSE-SU-2020:1804", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9077", datePublished: "2019-02-24T00:00:00", dateReserved: "2019-02-23T00:00:00", dateUpdated: "2024-08-04T21:38:46.345Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11477
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux kernel | Version: 4.4 < 4.4.182; Version: 4.9 < 4.9.182; Version: 4.14 < 4.14.127; Version: 4.19 < 4.19.52; Version: 5.1 < 5.1.11 | | |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:55:40.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/20/3", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ 
"mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K78234183", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux kernel", vendor: "Linux", versions: [ { lessThan: "4.4.182", status: "affected", version: "4.4", versionType: "custom", }, { lessThan: "4.9.182", status: "affected", version: "4.9", versionType: "custom", }, { lessThan: "4.14.127", status: "affected", version: "4.14", versionType: "custom", }, { lessThan: "4.19.52", status: "affected", version: "4.19", versionType: "custom", }, { lessThan: "5.1.11", status: "affected", version: "5.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jonathan Looney from Netflix", }, ], datePublic: "2019-06-17T00:00:00", descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:56", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/06/20/3", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K78234183", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, ], source: { advisory: "https://usn.ubuntu.com/4017-1", defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637", ], discovery: "UNKNOWN", }, title: "Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs", x_generator: { engine: "Vulnogram 0.0.7", }, x_legacyV4Record: { CVE_data_meta: { AKA: "SACK Panic", ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2019-06-17T00:00:00.000Z", ID: "CVE-2019-11477", STATE: "PUBLIC", TITLE: "Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux kernel", version: { version_data: [ { version_affected: "<", version_name: "4.4", version_value: "4.4.182", }, { version_affected: "<", version_name: "4.9", version_value: "4.9.182", }, { version_affected: "<", version_name: "4.14", version_value: "4.14.127", }, { version_affected: "<", version_name: "4.19", version_value: "4.19.52", }, { version_affected: "<", version_name: "5.1", version_value: "5.1.11", }, ], }, }, ], }, vendor_name: "Linux", }, ], }, }, credit: [ { lang: "eng", value: "Jonathan Looney from Netflix", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { 
description_data: [ { lang: "eng", value: "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", }, ], }, generator: { engine: "Vulnogram 0.0.7", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190 Integer Overflow or Wraparound", }, ], }, ], }, references: { reference_data: [ { name: "VU#905115", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/06/20/3", }, { name: "RHSA-2019:1594", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: 
"http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", }, { name: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", refsource: "MISC", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { name: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", refsource: "MISC", url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { name: "https://access.redhat.com/security/vulnerabilities/tcpsack", refsource: "MISC", url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { name: "https://support.f5.com/csp/article/K78234183", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K78234183", }, { name: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, 
{ name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { name: "https://www.synology.com/security/advisory/Synology_SA_19_28", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { name: "https://security.netapp.com/advisory/ntap-20190625-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { name: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { name: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { name: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, ], }, source: { advisory: 
"https://usn.ubuntu.com/4017-1", defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637", ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2019-11477", datePublished: "2019-06-18T23:34:51.026970Z", dateReserved: "2019-04-23T00:00:00", dateUpdated: "2024-09-17T02:21:15.995Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14469
Vulnerability from cvelistv5
Published
2019-10-03 15:29
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] 
tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: 
"http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14469", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: 
"BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14469", datePublished: "2019-10-03T15:29:17", dateReserved: "2018-07-20T00:00:00", dateUpdated: "2024-08-05T09:29:51.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11478
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:45
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
References
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux kernel | 4.4 < 4.4.182; 4.9 < 4.9.182; 4.14 < 4.14.127; 4.19 < 4.19.52; 5.1 < 5.1.11
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:55:40.767Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", 
}, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K26618426", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux kernel", vendor: "Linux", versions: [ { lessThan: "4.4.182", status: "affected", version: "4.4", versionType: "custom", }, { lessThan: "4.9.182", status: "affected", version: "4.9", versionType: "custom", }, { lessThan: "4.14.127", status: "affected", version: "4.14", versionType: "custom", }, { lessThan: "4.19.52", status: "affected", version: "4.19", versionType: "custom", }, { lessThan: "5.1.11", status: "affected", version: "5.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jonathan Looney from Netflix", }, ], datePublic: "2019-06-17T00:00:00", descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:56", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: 
"20190722 [SECURITY] [DSA 4484-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, 
{ tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K26618426", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", }, ], source: { advisory: "https://usn.ubuntu.com/4017-1", defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638", ], discovery: "UNKNOWN", }, title: "SACK can cause extensive memory use via fragmented resend queue", x_generator: { engine: "Vulnogram 0.0.7", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2019-06-17T00:00:00.000Z", ID: "CVE-2019-11478", STATE: "PUBLIC", TITLE: "SACK can cause extensive memory use via fragmented resend queue", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux kernel", version: { version_data: [ { version_affected: "<", version_name: "4.4", version_value: "4.4.182", }, { version_affected: "<", version_name: "4.9", version_value: "4.9.182", }, { version_affected: "<", version_name: "4.14", version_value: "4.14.127", }, { version_affected: "<", version_name: "4.19", version_value: "4.19.52", }, { version_affected: "<", version_name: "5.1", version_value: "5.1.11", }, ], }, }, ], }, vendor_name: "Linux", }, ], }, }, credit: [ { lang: "eng", value: "Jonathan Looney from Netflix", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: 
"Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", }, ], }, generator: { engine: "Vulnogram 0.0.7", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-770 Allocation of Resources Without Limits or Throttling", }, ], }, ], }, references: { reference_data: [ { name: "VU#905115", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "20190722 [SECURITY] [DSA 4484-1] linux 
security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Jul/30", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", refsource: "MISC", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { name: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", refsource: "MISC", url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { name: "https://access.redhat.com/security/vulnerabilities/tcpsack", refsource: "MISC", url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { name: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", }, { name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { name: "https://www.synology.com/security/advisory/Synology_SA_19_28", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { name: "https://security.netapp.com/advisory/ntap-20190625-0001/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20190625-0001/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { name: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { name: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { name: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", refsource: "CONFIRM", url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", }, { name: "https://support.f5.com/csp/article/K26618426", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K26618426", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", }, { name: "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", }, ], }, source: { advisory: "https://usn.ubuntu.com/4017-1", defect: [ 
"https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638", ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2019-11478", datePublished: "2019-06-18T23:34:51.077803Z", dateReserved: "2019-04-23T00:00:00", dateUpdated: "2024-09-16T23:45:54.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14879
Vulnerability from cvelistv5
Published
2019-10-03 15:33
Modified
2024-08-05 09:46
Severity ?
EPSS score ?
Summary
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:46:23.862Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ 
"mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14879", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K51512510?utm_source=f5support&utm_medium=RSS", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", 
url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14879", datePublished: "2019-10-03T15:33:33", dateReserved: "2018-08-03T00:00:00", dateUpdated: "2024-08-05T09:46:23.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16229
Vulnerability from cvelistv5
Published
2019-10-03 15:48
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:17:38.462Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] 
tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: 
"http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16229", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: 
"BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16229", datePublished: "2019-10-03T15:48:05", dateReserved: "2018-08-30T00:00:00", dateUpdated: "2024-08-05T10:17:38.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-11479
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:22
Summary
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Linux | Linux kernel | Version: 4.4 < 4.4.182; Version: 4.9 < 4.9.182; Version: 4.14 < 4.14.127; Version: 4.19 < 4.19.52; Version: 5.1 < 5.1.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:55:40.780Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "108818", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108818", }, { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "USN-4041-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4041-2/", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "USN-4041-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4041-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], 
url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K35421172", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux kernel", vendor: "Linux", versions: [ { lessThan: "4.4.182", status: "affected", version: "4.4", versionType: "custom", }, { lessThan: "4.9.182", status: "affected", version: "4.9", versionType: "custom", }, { lessThan: "4.14.127", status: "affected", version: "4.14", versionType: "custom", }, { lessThan: "4.19.52", status: "affected", version: "4.19", versionType: "custom", }, { lessThan: "5.1.11", status: "affected", version: "5.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Jonathan Looney from Netflix", }, ], datePublic: "2019-06-17T00:00:00", descriptions: [ { lang: "en", value: "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-405", description: "CWE-405 Asymmetric Resource Consumption (Amplification)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:14:56", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "108818", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108818", }, { name: "VU#905115", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "USN-4041-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4041-2/", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", 
tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "USN-4041-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4041-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { tags: [ "x_refsource_MISC", ], url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K35421172", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K35421172?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", ], url: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", }, ], source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286", ], discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.7", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2019-06-17T00:00:00.000Z", ID: "CVE-2019-11479", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux kernel", version: { version_data: [ { version_affected: "<", version_name: "4.4", version_value: "4.4.182", }, { version_affected: "<", version_name: "4.9", version_value: "4.9.182", }, { version_affected: "<", version_name: "4.14", version_value: "4.14.127", }, { version_affected: "<", version_name: "4.19", version_value: "4.19.52", }, { version_affected: "<", version_name: "5.1", version_value: "5.1.11", }, ], }, }, ], }, vendor_name: "Linux", }, ], }, }, credit: [ { lang: "eng", value: "Jonathan Looney from Netflix", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.", }, ], }, generator: { engine: "Vulnogram 0.0.7", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-405 Asymmetric Resource Consumption (Amplification)", }, ], }, ], }, references: { reference_data: [ { name: "108818", refsource: "BID", url: "http://www.securityfocus.com/bid/108818", }, { name: "VU#905115", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/905115", }, { name: "RHSA-2019:1594", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1594", }, { name: "RHSA-2019:1602", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1602", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "USN-4041-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4041-2/", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "RHSA-2019:1699", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1699", }, { name: "USN-4041-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4041-1/", }, { name: 
"https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", refsource: "MISC", url: "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", }, { name: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", refsource: "MISC", url: "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", }, { name: "https://access.redhat.com/security/vulnerabilities/tcpsack", refsource: "MISC", url: "https://access.redhat.com/security/vulnerabilities/tcpsack", }, { name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", }, { name: "https://www.synology.com/security/advisory/Synology_SA_19_28", refsource: "CONFIRM", url: "https://www.synology.com/security/advisory/Synology_SA_19_28", }, { name: "https://security.netapp.com/advisory/ntap-20190625-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190625-0001/", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", }, { name: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", }, { name: "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", refsource: "CONFIRM", url: 
"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", }, { name: "https://support.f5.com/csp/article/K35421172", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K35421172", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", }, { name: "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", }, { name: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", refsource: "MISC", url: "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", }, ], }, source: { defect: [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286", ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2019-11479", datePublished: "2019-06-18T23:34:51.124134Z", dateReserved: "2019-04-23T00:00:00", dateUpdated: "2024-09-16T23:22:00.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-16714
Vulnerability from cvelistv5
Published
2019-09-23 11:45
Modified
2024-08-05 01:17
Summary
In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.
References
URL | Tags | |
---|---|---|
https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2019/09/24/2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2019/09/25/1 | mailing-list, x_refsource_MLIST | |
https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4157-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4157-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20191031-0005/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:17:41.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", }, { name: "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/09/24/2", }, { name: "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/09/25/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&%3Butm_medium=RSS", }, { name: "USN-4157-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4157-1/", }, { name: "USN-4157-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4157-2/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20191031-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-31T08:06:14", orgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", }, { name: "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/09/24/2", }, { name: "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/09/25/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&%3Butm_medium=RSS", }, { name: "USN-4157-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4157-1/", }, { name: "USN-4157-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4157-2/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20191031-0005/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-16714", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/7d0a06586b2686ba80c4a2da5f91cb10ffbea736", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.14", }, { name: "[oss-security] 20190924 CVE-2019-16714: info leak in RDS rds6_inc_info_copy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/09/24/2", }, { name: "[oss-security] 20190925 CVE-2019-16714: Linux kernel net/rds: info leak vulnerability in rds6_inc_info_copy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/09/25/1", }, { name: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K48351130?utm_source=f5support&utm_medium=RSS", }, { name: "USN-4157-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4157-1/", }, { name: "USN-4157-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4157-2/", }, { name: "https://security.netapp.com/advisory/ntap-20191031-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20191031-0005/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-16714", datePublished: "2019-09-23T11:45:20", dateReserved: "2019-09-23T00:00:00", dateUpdated: "2024-08-05T01:17:41.223Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-7169
Vulnerability from cvelistv5
Published
2014-09-25 01:00
Modified
2025-02-10 19:31
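Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (scored by CISA-ADP in the record below; the CNA entry carries no CVSS metrics)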
EPSS score ?
Summary
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:40:19.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: 
"openSUSE-SU-2014:1229", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/61715", }, { name: "USN-2363-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61654", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61065", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { 
name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: 
"APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61619", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/34879/", }, 
{ name: "61622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61622", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62343", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61618", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61479", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60063", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/58200", 
}, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200223", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", 
"x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61700", }, { name: "61626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61626", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], title: "CVE Program Container", }, { 
metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-7169", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-10T19:31:47.209255Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-7169", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T19:31:56.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-05T16:41:42.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "openSUSE-SU-2014:1229", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61715", }, { name: "USN-2363-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2363-2", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61654", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61065", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: 
"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61619", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/34879/", }, { name: "61622", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61622", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62343", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61618", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61479", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60063", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", ], url: 
"http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_MISC", ], url: "http://twitter.com/taviso/statuses/514887394294652929", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", 
"x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200223", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: 
"SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-3035", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61700", }, { name: "61626", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61626", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-7169", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers 
to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "[oss-security] 20140924 Re: CVE-2014-6271: remote code execution through bash", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/09/24/32", }, { name: "HPSBMU03165", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "HPSBHF03119", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", refsource: "CONFIRM", url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", refsource: "HP", url: 
"http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "openSUSE-SU-2014:1229", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "61188", refsource: "SECUNIA", url: "http://secunia.com/advisories/61188", }, { name: "JVN#55667175", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", refsource: "SECUNIA", url: "http://secunia.com/advisories/61676", }, { name: "openSUSE-SU-2014:1254", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", refsource: "SECUNIA", url: "http://secunia.com/advisories/60433", }, { name: "HPSBMU03143", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "RHSA-2014:1306", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1306.html", }, { name: "HPSBST03155", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", refsource: "SECUNIA", url: "http://secunia.com/advisories/61715", }, { name: "USN-2363-2", 
refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2363-2", }, { name: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", refsource: "SECUNIA", url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", refsource: "SECUNIA", url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", refsource: "SECUNIA", url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", refsource: "SECUNIA", url: "http://secunia.com/advisories/61654", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015701", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { name: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", refsource: "CONFIRM", url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", refsource: "SECUNIA", url: "http://secunia.com/advisories/62312", }, { name: "59272", refsource: "SECUNIA", url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { name: 
"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "RHSA-2014:1312", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1312.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "USN-2363-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2363-1", }, { name: "SSRT101868", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", refsource: "SECUNIA", url: "http://secunia.com/advisories/61703", }, { name: "http://support.apple.com/kb/HT6495", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", refsource: "SECUNIA", url: "http://secunia.com/advisories/61065", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3075.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3075.html", }, { name: "HPSBST03129", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { name: "http://support.novell.com/security/cve/CVE-2014-7169.html", refsource: "CONFIRM", url: "http://support.novell.com/security/cve/CVE-2014-7169.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "JVNDB-2014-000126", refsource: "JVNDB", 
url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "61641", refsource: "SECUNIA", url: "http://secunia.com/advisories/61641", }, { name: "SUSE-SU-2014:1247", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html", }, { name: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", refsource: "CONFIRM", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { name: "https://access.redhat.com/node/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/node/1200223", }, { name: "SUSE-SU-2014:1287", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "61619", refsource: "SECUNIA", url: "http://secunia.com/advisories/61619", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3078.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3078.html", }, { name: 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "HPSBMU03220", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", refsource: "SECUNIA", url: "http://secunia.com/advisories/60325", }, { name: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", refsource: "SECUNIA", url: "http://secunia.com/advisories/60024", }, { name: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/34879/", }, { name: "61622", refsource: "SECUNIA", url: "http://secunia.com/advisories/61622", }, { name: "https://access.redhat.com/articles/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/articles/1200223", }, { name: "62343", refsource: "SECUNIA", url: "http://secunia.com/advisories/62343", }, { name: "http://advisories.mageia.org/MGASA-2014-0393.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0393.html", }, { name: "61565", refsource: "SECUNIA", url: "http://secunia.com/advisories/61565", }, { name: "https://www.suse.com/support/shellshock/", refsource: "CONFIRM", url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", refsource: "SECUNIA", url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", refsource: "HP", url: 
"http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", refsource: "SECUNIA", url: "http://secunia.com/advisories/61873", }, { name: "61485", refsource: "SECUNIA", url: "http://secunia.com/advisories/61485", }, { name: "openSUSE-SU-2014:1242", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html", }, { name: "61618", refsource: "SECUNIA", url: "http://secunia.com/advisories/61618", }, { name: "60947", refsource: "SECUNIA", url: "http://secunia.com/advisories/60947", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { name: "https://support.apple.com/kb/HT6535", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", refsource: "SECUNIA", url: "http://secunia.com/advisories/61312", }, { name: "60193", refsource: "SECUNIA", url: "http://secunia.com/advisories/60193", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "61479", refsource: "SECUNIA", url: "http://secunia.com/advisories/61479", }, { name: "60063", refsource: "SECUNIA", url: "http://secunia.com/advisories/60063", }, { name: "60034", refsource: "SECUNIA", url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { name: 
"http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", refsource: "MISC", url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", refsource: "SECUNIA", url: "http://secunia.com/advisories/59907", }, { name: "58200", refsource: "SECUNIA", url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", refsource: "SECUNIA", url: "http://secunia.com/advisories/61643", }, { name: "http://twitter.com/taviso/statuses/514887394294652929", refsource: "MISC", url: "http://twitter.com/taviso/statuses/514887394294652929", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015721", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", refsource: "SECUNIA", url: "http://secunia.com/advisories/61503", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "HPSBGN03117", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "HPSBHF03145", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { name: "http://www.qnap.com/i/en/support/con_show.php?cid=61", refsource: "CONFIRM", url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", 
refsource: "SECUNIA", url: "http://secunia.com/advisories/61552", }, { name: "61780", refsource: "SECUNIA", url: "http://secunia.com/advisories/61780", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { name: "https://support.citrix.com/article/CTX200223", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200223", }, { name: "http://linux.oracle.com/errata/ELSA-2014-3077.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-3077.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", refsource: "SECUNIA", url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", refsource: "SECUNIA", url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", refsource: "SECUNIA", url: "http://secunia.com/advisories/60044", }, { name: "61291", refsource: "SECUNIA", url: "http://secunia.com/advisories/61291", }, { name: "HPSBHF03125", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", refsource: "SECUNIA", url: "http://secunia.com/advisories/59737", }, { name: "61287", refsource: "SECUNIA", url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "SSRT101739", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", refsource: "SECUNIA", url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", refsource: 
"HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "RHSA-2014:1311", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1311.html", }, { name: "61128", refsource: "SECUNIA", url: "http://secunia.com/advisories/61128", }, { name: "DSA-3035", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-3035", }, { name: "https://support.citrix.com/article/CTX200217", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", refsource: "SECUNIA", url: "http://secunia.com/advisories/61471", }, { name: "60055", refsource: "SECUNIA", url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", refsource: "SECUNIA", url: "http://secunia.com/advisories/61550", }, { name: "61633", refsource: "SECUNIA", url: "http://secunia.com/advisories/61633", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1306.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1306.html", }, { name: "https://kb.bluecoat.com/index?page=content&id=SA82", refsource: "CONFIRM", url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "SUSE-SU-2014:1259", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html", }, { name: "61328", refsource: "SECUNIA", url: "http://secunia.com/advisories/61328", }, { name: 
"http://www-01.ibm.com/support/docview.wss?uid=swg21685733", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "61129", refsource: "SECUNIA", url: "http://secunia.com/advisories/61129", }, { name: "61700", refsource: "SECUNIA", url: "http://secunia.com/advisories/61700", }, { name: "61626", refsource: "SECUNIA", url: "http://secunia.com/advisories/61626", }, { name: "61603", refsource: "SECUNIA", url: "http://secunia.com/advisories/61603", }, { name: "61857", refsource: "SECUNIA", url: "http://secunia.com/advisories/61857", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-7169", datePublished: "2014-09-25T01:00:00.000Z", dateReserved: "2014-09-24T00:00:00.000Z", dateUpdated: "2025-02-10T19:31:56.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20657
Vulnerability from cvelistv5
Published
2019-01-02 14:00
Modified
2024-08-05 12:05
Summary
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106444 | vdb-entry, x_refsource_BID |
| https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 | x_refsource_MISC |
| https://support.f5.com/csp/article/K62602089 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:3352 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106444", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106444", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K62602089", }, { name: "RHSA-2019:3352", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3352", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-02T00:00:00", descriptions: [ { lang: "en", value: "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-06T00:07:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "106444", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106444", }, { tags: [ "x_refsource_MISC", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K62602089", }, { name: "RHSA-2019:3352", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3352", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20657", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { 
product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "106444", refsource: "BID", url: "http://www.securityfocus.com/bid/106444", }, { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", refsource: "MISC", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539", }, { name: "https://support.f5.com/csp/article/K62602089", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K62602089", }, { name: "RHSA-2019:3352", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3352", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20657", datePublished: "2019-01-02T14:00:00", dateReserved: "2019-01-02T00:00:00", dateUpdated: "2024-08-05T12:05:17.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one), then OpenSSL can respond differently to the calling application depending on whether a 0-byte record is received with invalid padding or with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, this amounts to a padding oracle that could be used to decrypt data. For this to be exploitable, "non-stitched" ciphersuites must be in use; stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. The application must also call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this, but some do anyway). Fixed in OpenSSL 1.0.2r (affected: 1.0.2 through 1.0.2q).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:27.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "107174", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4376-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K18549143", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-03", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 
1.0.2r (Affected 1.0.2-1.0.2q)", }, ], }, ], credits: [ { lang: "en", value: "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt", }, ], datePublic: "2019-02-26T00:00:00", descriptions: [ { lang: "en", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Padding Oracle", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-20T14:42:01", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "107174", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { 
tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4376-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20190226.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K18549143", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-03", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "0-byte record padding oracle", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2019-02-26", ID: "CVE-2019-1559", STATE: "PUBLIC", TITLE: "0-byte record padding oracle", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: 
"eng", value: "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Padding Oracle", }, ], }, ], }, references: { reference_data: [ { name: "107174", refsource: "BID", url: "http://www.securityfocus.com/bid/107174", }, { name: "GLSA-201903-10", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-10", }, { name: "USN-3899-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3899-1/", }, { name: "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html", }, { name: "DSA-4400", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4400", }, { name: "openSUSE-SU-2019:1076", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html", }, { name: "openSUSE-SU-2019:1105", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html", }, { name: "openSUSE-SU-2019:1173", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html", }, { name: "openSUSE-SU-2019:1175", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html", }, { name: "openSUSE-SU-2019:1432", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html", }, { name: "openSUSE-SU-2019:1637", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html", }, { name: "RHSA-2019:2304", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2304", }, { name: "RHSA-2019:2439", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2439", }, { name: "RHSA-2019:2437", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2019:2437", }, { name: "RHSA-2019:2471", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2471", }, { name: "FEDORA-2019-db06efdea1", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/", }, { name: "FEDORA-2019-00c25b9379", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/", }, { name: "FEDORA-2019-9a0a7c0986", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/", }, { name: "RHSA-2019:3929", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3929", }, { name: "RHSA-2019:3931", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3931", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "USN-4376-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4376-2/", }, { name: "https://www.oracle.com/security-alerts/cpujan2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20190301-0001/", 
refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190301-0001/", }, { name: "https://security.netapp.com/advisory/ntap-20190301-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190301-0002/", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e", }, { name: "https://www.openssl.org/news/secadv/20190226.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20190226.txt", }, { name: "https://support.f5.com/csp/article/K18549143", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K18549143", }, { name: "https://www.tenable.com/security/tns-2019-02", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-02", }, { name: "https://security.netapp.com/advisory/ntap-20190423-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190423-0002/", }, { name: "https://www.tenable.com/security/tns-2019-03", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-03", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10282", }, { name: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2019-1559", datePublished: "2019-02-27T23:00:00Z", dateReserved: "2018-11-28T00:00:00", dateUpdated: "2024-09-17T04:20:35.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14463
Vulnerability from cvelistv5
Published
2019-10-03 15:12
Modified
2024-08-05 09:29
Summary
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-27T05:49:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", }, { name: 
"[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ 
"mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14463", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14463", datePublished: "2019-10-03T15:12:23", dateReserved: "2018-07-20T00:00:00", 
dateUpdated: "2024-08-05T09:29:51.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14880
Vulnerability from cvelistv5
Published
2019-10-03 15:35
Modified
2024-08-05 09:46
Severity ?
EPSS score ?
Summary
The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:46:23.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://support.f5.com/csp/article/K56551263?utm_source=f5support&%3Butm_medium=RSS", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K56551263?utm_source=f5support&%3Butm_medium=RSS", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security 
Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14880", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: 
"openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14880", datePublished: "2019-10-03T15:35:06", dateReserved: "2018-08-03T00:00:00", dateUpdated: "2024-08-05T09:46:23.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13565
Vulnerability from cvelistv5
Published
2019-07-26 12:30
Modified
2024-08-04 23:57
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:57:39.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-4078-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4078-1/", }, { name: "[debian-lts-announce] 20190818 [SECURITY] [DLA 1891-1] openldap security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", }, { name: "USN-4078-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4078-2/", }, { name: "openSUSE-SU-2019:2157", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", }, { name: "openSUSE-SU-2019:2176", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openldap.org/its/index.cgi/?findid=9052", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. 
After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:20:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-4078-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4078-1/", }, { name: "[debian-lts-announce] 20190818 [SECURITY] [DLA 1891-1] openldap security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", }, { name: "USN-4078-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4078-2/", }, { name: "openSUSE-SU-2019:2157", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", }, { name: "openSUSE-SU-2019:2176", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[bookkeeper-issues] 20200729 
[GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openldap.org/its/index.cgi/?findid=9052", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&%3Butm_medium=RSS", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13565", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in 
OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-4078-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4078-1/", }, { name: "[debian-lts-announce] 20190818 [SECURITY] [DLA 1891-1] openldap security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html", }, { name: "USN-4078-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4078-2/", }, { name: "openSUSE-SU-2019:2157", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", }, { name: "openSUSE-SU-2019:2176", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: 
"[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", refsource: "CONFIRM", url: "https://www.openldap.org/lists/openldap-announce/201907/msg00001.html", }, { name: "https://www.openldap.org/its/index.cgi/?findid=9052", refsource: "MISC", url: "https://www.openldap.org/its/index.cgi/?findid=9052", }, { name: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K98008862?utm_source=f5support&utm_medium=RSS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13565", datePublished: "2019-07-26T12:30:58", dateReserved: "2019-07-11T00:00:00", dateUpdated: 
"2024-08-04T23:57:39.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-5738
Vulnerability from cvelistv5
Published
2016-07-26 17:00
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
References
| URL | Tags |
|---|---|
| https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf | x_refsource_MISC |
| https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html | x_refsource_CONFIRM |
| http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:59:04.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-17T00:00:00", descriptions: [ { lang: "en", value: "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-07-26T17:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: 
"4.0", description: { description_data: [ { lang: "eng", value: "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", refsource: "MISC", url: "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf", }, { name: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html", }, { name: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", refsource: "CONFIRM", url: "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5738", datePublished: "2016-07-26T17:00:00", dateReserved: "2015-08-05T00:00:00", dateUpdated: "2024-08-06T06:59:04.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14465
Vulnerability from cvelistv5
Published
2019-10-03 15:15
Modified
2024-08-05 09:29
Summary
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.446Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] 
tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: 
"http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14465", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: 
"BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14465", datePublished: "2019-10-03T15:15:01", dateReserved: "2018-07-20T00:00:00", dateUpdated: "2024-08-05T09:29:51.446Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13050
Vulnerability from cvelistv5
Published
2019-06-29 16:07
Modified
2024-08-04 23:41
Summary
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:41:09.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K08654551", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", 
"x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-29T14:07:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K08654551", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13050", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Interaction between the sks-keyserver 
code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", refsource: "MISC", url: "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", }, { name: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", refsource: "CONFIRM", url: "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", }, { name: "https://twitter.com/lambdafu/status/1147162583969009664", refsource: "MISC", url: "https://twitter.com/lambdafu/status/1147162583969009664", }, { name: "FEDORA-2019-2f259a6c0a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/", }, { name: "FEDORA-2019-28a3675529", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/", }, { name: "openSUSE-SU-2019:1917", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html", }, { name: "https://support.f5.com/csp/article/K08654551", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K08654551", }, { name: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K08654551?utm_source=f5support&utm_medium=RSS", }, { name: "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", refsource: "MLIST", url: 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", }, { name: "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13050", datePublished: "2019-06-29T16:07:13", dateReserved: "2019-06-29T00:00:00", dateUpdated: "2024-08-04T23:41:09.920Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20002
Vulnerability from cvelistv5
Published
2018-12-10 02:00
Modified
2024-08-05 11:51
Summary
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/106142 | vdb-entry, x_refsource_BID | |
https://security.netapp.com/advisory/ntap-20190221-0004/ | x_refsource_CONFIRM | |
https://sourceware.org/bugzilla/show_bug.cgi?id=23952 | x_refsource_MISC | |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9 | x_refsource_MISC | |
https://support.f5.com/csp/article/K62602089 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201908-01 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4336-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:51:18.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106142", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190221-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K62602089", }, { name: "GLSA-201908-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201908-01", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4336-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-09T00:00:00", descriptions: [ { lang: "en", value: "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-29T02:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "106142", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106142", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://security.netapp.com/advisory/ntap-20190221-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K62602089", }, { name: "GLSA-201908-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201908-01", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4336-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20002", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "106142", refsource: "BID", url: "http://www.securityfocus.com/bid/106142", }, { name: "https://security.netapp.com/advisory/ntap-20190221-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190221-0004/", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=23952", }, { name: "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", refsource: "MISC", url: 
"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9", }, { name: "https://support.f5.com/csp/article/K62602089", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K62602089", }, { name: "GLSA-201908-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201908-01", }, { name: "USN-4336-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4336-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20002", datePublished: "2018-12-10T02:00:00", dateReserved: "2018-12-09T00:00:00", dateUpdated: "2024-08-05T11:51:18.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20836
Vulnerability from cvelistv5
Published
2019-05-07 13:04
Modified
2024-08-05 12:12
Summary
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:12:27.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108196", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K11225249", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: 
"https://www.debian.org/security/2019/dsa-4497", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-14T13:06:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108196", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K11225249", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4497", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20836", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel before 4.20. 
There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae", }, { name: "108196", refsource: "BID", url: "http://www.securityfocus.com/bid/108196", }, { name: "https://support.f5.com/csp/article/K11225249", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K11225249", }, { name: "https://security.netapp.com/advisory/ntap-20190719-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190719-0003/", }, { name: "openSUSE-SU-2019:1716", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", }, { name: "openSUSE-SU-2019:1757", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", }, { name: "USN-4076-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4076-1/", }, { name: "DSA-4495", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4495", }, { name: "20190812 [SECURITY] [DSA 4495-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/13", }, { name: "20190813 [SECURITY] [DSA 4497-1] linux security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/18", }, { name: "DSA-4497", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4497", }, { name: 
"[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html", }, { name: "[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20836", datePublished: "2019-05-07T13:04:44", dateReserved: "2019-05-07T00:00:00", dateUpdated: "2024-08-05T12:12:27.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5436
Vulnerability from cvelistv5
Published
2019-05-28 18:47
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:54:53.472Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2019:1492", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", }, { name: "openSUSE-SU-2019:1508", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", }, { name: "FEDORA-2019-697de0501f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", }, { name: "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/09/11/6", }, { name: "DSA-4633", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4633", }, { name: "20200225 [SECURITY] [DSA 4633-1] curl security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Feb/36", }, { name: "GLSA-202003-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-29", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190606-0004/", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K55133295", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "curl", vendor: "curl", versions: [ { status: "affected", version: "Fixed in 7.65.0", }, ], }, ], datePublic: "2019-05-22T00:00:00", descriptions: [ { lang: "en", value: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "Heap Overflow (CWE-122)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-10-20T21:15:00", orgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", shortName: "hackerone", }, references: [ { name: "openSUSE-SU-2019:1492", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", }, { name: "openSUSE-SU-2019:1508", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", }, { name: "FEDORA-2019-697de0501f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", }, { name: "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/09/11/6", }, { name: "DSA-4633", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4633", }, { name: "20200225 [SECURITY] [DSA 4633-1] curl security update", 
tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Feb/36", }, { name: "GLSA-202003-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-29", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190606-0004/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K55133295", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "support@hackerone.com", ID: "CVE-2019-5436", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "curl", version: { version_data: [ { version_value: "Fixed in 7.65.0", }, ], }, }, ], }, vendor_name: "curl", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Heap Overflow (CWE-122)", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2019:1492", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", }, { name: "openSUSE-SU-2019:1508", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", }, { name: 
"FEDORA-2019-697de0501f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", }, { name: "[oss-security] 20190911 [SECURITY ADVISORY] curl: TFTP small blocksize heap buffer overflow", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/09/11/6", }, { name: "DSA-4633", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4633", }, { name: "20200225 [SECURITY] [DSA 4633-1] curl security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Feb/36", }, { name: "GLSA-202003-29", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-29", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://security.netapp.com/advisory/ntap-20190606-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190606-0004/", }, { name: "https://curl.haxx.se/docs/CVE-2019-5436.html", refsource: "CONFIRM", url: "https://curl.haxx.se/docs/CVE-2019-5436.html", }, { name: "https://support.f5.com/csp/article/K55133295", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K55133295", }, { name: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "36234546-b8fa-4601-9d6f-f4e334aa8ea1", assignerShortName: "hackerone", cveId: "CVE-2019-5436", datePublished: 
"2019-05-28T18:47:32", dateReserved: "2019-01-04T00:00:00", dateUpdated: "2024-08-04T19:54:53.472Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9070
Vulnerability from cvelistv5
Published
2019-02-24 00:00
Modified
2024-08-04 21:38
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
References
URL | Tags |
---|---|
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395 | x_refsource_MISC |
https://sourceware.org/bugzilla/show_bug.cgi?id=24229 | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20190314-0003/ | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/107147 | vdb-entry, x_refsource_BID |
https://support.f5.com/csp/article/K13534168 | x_refsource_CONFIRM |
https://usn.ubuntu.com/4326-1/ | vendor-advisory, x_refsource_UBUNTU |
https://usn.ubuntu.com/4336-1/ | vendor-advisory, x_refsource_UBUNTU |
https://security.gentoo.org/glsa/202107-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:38:45.633Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { name: "107147", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107147", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K13534168", }, { name: "USN-4326-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4326-1/", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4336-1/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-23T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-10T04:06:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { name: "107147", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107147", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K13534168", }, { name: "USN-4326-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4326-1/", }, { name: "USN-4336-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4336-1/", }, { name: "GLSA-202107-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9070", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", refsource: "MISC", url: "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=24229", }, { name: "https://security.netapp.com/advisory/ntap-20190314-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190314-0003/", }, { name: "107147", refsource: "BID", url: "http://www.securityfocus.com/bid/107147", }, { name: "https://support.f5.com/csp/article/K13534168", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K13534168", }, { name: "USN-4326-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4326-1/", }, { name: "USN-4336-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4336-1/", }, { name: "GLSA-202107-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9070", datePublished: "2019-02-24T00:00:00", dateReserved: "2019-02-23T00:00:00", dateUpdated: "2024-08-04T21:38:45.633Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27880
Vulnerability from cvelistv5
Published
2022-05-05 16:32
Modified
2024-09-17 04:00
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS score ?
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K17341495 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | Traffix SDC | Version: 5.2.x < 5.2.2; Version: 5.1.x < 5.1.35 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.976Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.f5.com/csp/article/K17341495", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Traffix SDC", vendor: "F5", versions: [ { lessThan: "5.2.2", status: "affected", version: "5.2.x", versionType: "custom", }, { lessThan: "5.1.35", status: "affected", version: "5.1.x", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2022-05-04T00:00:00", descriptions: [ { lang: "en", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T16:32:33", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.f5.com/csp/article/K17341495", }, ], source: { discovery: "EXTERNAL", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", DATE_PUBLIC: "2022-05-04T14:00:00.000Z", ID: "CVE-2022-27880", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Traffix SDC", version: { version_data: [ { version_affected: "<", version_name: "5.2.x", version_value: "5.2.2", }, { version_affected: "<", version_name: "5.1.x", version_value: "5.1.35", }, ], }, }, ], }, vendor_name: "F5", }, ], }, }, credit: [ { lang: "eng", value: "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC 
Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K17341495", refsource: "MISC", url: "https://support.f5.com/csp/article/K17341495", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2022-27880", datePublished: "2022-05-05T16:32:33.813504Z", dateReserved: "2022-04-19T00:00:00", dateUpdated: "2024-09-17T04:00:20.047Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14468
Vulnerability from cvelistv5
Published
2019-10-03 15:27
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.249Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ 
"mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14468", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K04367730?utm_source=f5support&utm_medium=RSS", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", 
url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14468", datePublished: "2019-10-03T15:27:45", dateReserved: "2018-07-20T00:00:00", dateUpdated: "2024-08-05T09:29:51.249Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14462
Vulnerability from cvelistv5
Published
2019-10-03 15:11
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.278Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump 
security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: 
"http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14462", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: 
"BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14462", datePublished: "2019-10-03T15:11:19", dateReserved: "2018-07-20T00:00:00", dateUpdated: "2024-08-05T09:29:51.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14882
Vulnerability from cvelistv5
Published
2019-10-03 15:41
Modified
2024-08-05 09:46
Severity ?
EPSS score ?
Summary
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:46:23.777Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4252-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-05T03:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security 
update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: 
"http://seclists.org/fulldisclosure/2019/Dec/26", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4252-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14882", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", refsource: "MISC", url: "https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES", }, { name: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", refsource: "CONFIRM", url: "https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4", }, { name: "[debian-lts-announce] 20191011 [SECURITY] [DLA 1955-1] tcpdump security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html", }, { name: "openSUSE-SU-2019:2344", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html", }, { name: "openSUSE-SU-2019:2348", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html", }, { name: "20191021 [SECURITY] [DSA 4547-1] tcpdump security update", refsource: "BUGTRAQ", url: 
"https://seclists.org/bugtraq/2019/Oct/28", }, { name: "DSA-4547", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4547", }, { name: "FEDORA-2019-85d92df70f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R2UDPOSGVJQIYC33SQBXMDXHH4QDSDMU/", }, { name: "FEDORA-2019-d06bc63433", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNYXF3IY2X65IOD422SA6EQUULSGW7FN/", }, { name: "FEDORA-2019-6db0d5b9d9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62XY42U6HY3H2APR5EHNWCZ7SAQNMMJN/", }, { name: "https://support.apple.com/kb/HT210788", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT210788", }, { name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Dec/23", }, { name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Dec/26", }, { name: "https://security.netapp.com/advisory/ntap-20200120-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200120-0001/", }, { name: "USN-4252-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-2/", }, { name: "USN-4252-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4252-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14882", datePublished: "2019-10-03T15:41:37", dateReserved: "2018-08-03T00:00:00", dateUpdated: "2024-08-05T09:46:23.777Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-5854
Vulnerability from cvelistv5
Published
2020-02-06 15:40
Modified
2024-08-04 08:39
Severity ?
EPSS score ?
Summary
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K50046200 | x_refsource_CONFIRM |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:39:25.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K50046200", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP", vendor: "F5", versions: [ { status: "affected", version: "15.0.0-15.0.1.1", }, { status: "affected", version: "14.1.0-14.1.2.2", }, { status: "affected", version: "14.0.0-14.0.1", }, { status: "affected", version: "13.1.0-13.1.3.1", }, { status: "affected", version: "12.1.0-12.1.5", }, { status: "affected", version: "11.6.0-11.6.5.1", }, ], }, ], descriptions: [ { lang: "en", value: "On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.", }, ], problemTypes: [ { descriptions: [ { description: "DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-06T15:40:54", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K50046200", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", ID: "CVE-2020-5854", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP", version: { version_data: [ { version_value: "15.0.0-15.0.1.1", }, { version_value: "14.1.0-14.1.2.2", }, { version_value: "14.0.0-14.0.1", }, { version_value: "13.1.0-13.1.3.1", }, { version_value: "12.1.0-12.1.5", }, { version_value: "11.6.0-11.6.5.1", }, ], }, }, ], }, vendor_name: "F5", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 
13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DoS", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K50046200", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K50046200", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2020-5854", datePublished: "2020-02-06T15:40:54", dateReserved: "2020-01-06T00:00:00", dateUpdated: "2024-08-04T08:39:25.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27662
Vulnerability from cvelistv5
Published
2022-05-05 16:29
Modified
2024-09-16 20:16
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS score ?
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
URL | Tags |
---|---|
https://support.f5.com/csp/article/K24248011 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
F5 | Traffix SDC | Version: 5.2.x < 5.2.2; Version: 5.1.x < 5.1.35 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:32:59.915Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.f5.com/csp/article/K24248011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Traffix SDC", vendor: "F5", versions: [ { lessThan: "5.2.2", status: "affected", version: "5.2.x", versionType: "custom", }, { lessThan: "5.1.35", status: "affected", version: "5.1.x", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], datePublic: "2022-05-04T00:00:00", descriptions: [ { lang: "en", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1336", description: "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T16:29:10", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://support.f5.com/csp/article/K24248011", }, ], source: { discovery: "EXTERNAL", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", DATE_PUBLIC: "2022-05-04T19:45:00.000Z", ID: "CVE-2022-27662", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Traffix SDC", version: { version_data: [ { version_affected: "<", version_name: "5.2.x", version_value: "5.2.2", }, { version_affected: "<", version_name: "5.1.x", version_value: "5.1.35", }, ], }, }, ], }, vendor_name: "F5", }, ], }, }, credit: [ { lang: "eng", value: "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration 
utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K24248011", refsource: "MISC", url: "https://support.f5.com/csp/article/K24248011", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2022-27662", datePublished: "2022-05-05T16:29:10.065731Z", dateReserved: "2022-04-19T00:00:00", dateUpdated: "2024-09-16T20:16:37.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-6271
Vulnerability from cvelistv5
Published
2014-09-24 18:00
Modified
2025-02-07 13:47
Severity ?
EPSS score ?
Summary
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:10:13.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "37816", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/37816/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61188", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61676", }, { name: "40619", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: 
"https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60433", }, { name: "38849", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61715", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: 
"61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61654", }, { name: "61542", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61542", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ 
"vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], 
url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61641", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/node/1200223", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", 
"x_transferred", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/34879/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62343", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61485", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61312", }, { name: "60193", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60063", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", 
], url: "http://www.debian.org/security/2014/dsa-3032", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61128", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61700", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-6271", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:45:49.549420Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-28", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6271", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T13:47:31.669Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-24T00:00:00.000Z", descriptions: [ { lang: "en", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-05T16:37:05.000Z", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", 
}, references: [ { name: "37816", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/37816/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", tags: [ "vendor-advisory", "x_refsource_HP", 
], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61188", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61676", }, { name: "40619", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60433", }, { name: "38849", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", tags: [ 
"vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61715", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2362-1", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61654", }, { name: "61542", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61542", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62312", }, { name: "59272", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61703", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61641", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://access.redhat.com/node/1200223", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { tags: 
[ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: "20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60325", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60024", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/34879/", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "https://access.redhat.com/articles/1200223", }, { name: "62343", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62343", }, { name: "61565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61565", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61873", }, { name: "61485", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61485", }, { name: "60947", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60947", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/61312", }, { name: "60193", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60193", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60063", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { tags: [ "x_refsource_MISC", ], url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59907", }, { name: "58200", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61643", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61503", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", tags: [ "vendor-advisory", 
"x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61552", }, { name: "61780", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61780", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-3032", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", tags: [ 
"third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60044", }, { name: "61291", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59737", }, { name: "61287", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61128", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61471", }, { name: "60055", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61550", }, { name: "61633", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61328", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61129", }, { name: "61700", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61700", }, { name: "61603", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/61603", }, { name: "61857", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61857", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2014-6271", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\" NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "37816", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/37816/", }, { name: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", refsource: 
"MISC", url: "http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html", }, { name: "SUSE-SU-2014:1223", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", }, { name: "HPSBMU03165", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577137423233&w=2", }, { name: "SSRT101816", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "39918", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/39918/", }, { name: "HPSBHF03119", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216668515282&w=2", }, { name: "RHSA-2014:1295", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1295.html", }, { name: "openSUSE-SU-2014:1226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { name: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", refsource: "CONFIRM", url: "https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/", }, { name: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", refsource: "CONFIRM", url: "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", }, { name: "HPSBST03131", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383138121313&w=2", }, { name: "SSRT101819", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "20141001 
NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/533593/100/0/threaded", }, { name: "HPSBMU03245", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686084", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", }, { name: "HPSBST03196", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142719845423222&w=2", }, { name: "61188", refsource: "SECUNIA", url: "http://secunia.com/advisories/61188", }, { name: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", refsource: "CONFIRM", url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "JVN#55667175", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN55667175/index.html", }, { name: "61676", refsource: "SECUNIA", url: "http://secunia.com/advisories/61676", }, { name: "40619", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40619/", }, { name: "openSUSE-SU-2014:1254", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html", }, { name: "60433", refsource: "SECUNIA", url: "http://secunia.com/advisories/60433", }, { name: "38849", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/38849/", }, { name: "HPSBMU03143", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383026420882&w=2", }, { name: "HPSBMU03182", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141585637922673&w=2", }, { name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", refsource: "CONFIRM", url: 
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673", }, { name: "SUSE-SU-2014:1260", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html", }, { name: "HPSBST03155", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141576728022234&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", }, { name: "61715", refsource: "SECUNIA", url: "http://secunia.com/advisories/61715", }, { name: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", }, { name: "61816", refsource: "SECUNIA", url: "http://secunia.com/advisories/61816", }, { name: "openSUSE-SU-2014:1310", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", }, { name: "61442", refsource: "SECUNIA", url: "http://secunia.com/advisories/61442", }, { name: "HPSBMU03246", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358078406056&w=2", }, { name: "HPSBST03195", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2", }, { name: "61283", refsource: "SECUNIA", url: "http://secunia.com/advisories/61283", }, { name: "SSRT101711", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "USN-2362-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2362-1", }, { name: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", refsource: "CONFIRM", url: "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", }, { name: "openSUSE-SU-2014:1308", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html", }, { name: "61654", refsource: "SECUNIA", url: "http://secunia.com/advisories/61654", }, { name: "61542", refsource: "SECUNIA", url: 
"http://secunia.com/advisories/61542", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015701", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015701", }, { name: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", refsource: "CONFIRM", url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", }, { name: "62312", refsource: "SECUNIA", url: "http://secunia.com/advisories/62312", }, { name: "59272", refsource: "SECUNIA", url: "http://secunia.com/advisories/59272", }, { name: "HPSBST03122", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141319209015420&w=2", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", }, { name: "HPSBMU03217", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", }, { name: "SSRT101868", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61703", refsource: "SECUNIA", url: "http://secunia.com/advisories/61703", }, { name: "http://support.apple.com/kb/HT6495", refsource: "CONFIRM", url: "http://support.apple.com/kb/HT6495", }, { name: "VU#252743", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/252743", }, { name: "61065", refsource: "SECUNIA", url: "http://secunia.com/advisories/61065", }, { name: "SUSE-SU-2014:1213", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html", }, { name: "HPSBST03129", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383196021590&w=2", }, { name: "HPSBMU03144", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383081521087&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", 
refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", }, { name: "70103", refsource: "BID", url: "http://www.securityfocus.com/bid/70103", }, { name: "JVNDB-2014-000126", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", }, { name: "SSRT101827", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141879528318582&w=2", }, { name: "TA14-268A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA14-268A", }, { name: "SUSE-SU-2014:1212", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html", }, { name: "61641", refsource: "SECUNIA", url: "http://secunia.com/advisories/61641", }, { name: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", refsource: "CONFIRM", url: "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", }, { name: "https://access.redhat.com/node/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/node/1200223", }, { name: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html", }, { name: "SUSE-SU-2014:1287", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", }, { name: "APPLE-SA-2014-10-16-1", refsource: "APPLE", url: "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", }, { name: 
"20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Oct/0", }, { name: "MDVSA-2015:164", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", }, { name: "RHSA-2014:1293", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1293.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", }, { name: "openSUSE-SU-2014:1238", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html", }, { name: "HPSBMU03220", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142721162228379&w=2", }, { name: "60325", refsource: "SECUNIA", url: "http://secunia.com/advisories/60325", }, { name: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", refsource: "CONFIRM", url: "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", }, { name: "60024", refsource: "SECUNIA", url: "http://secunia.com/advisories/60024", }, { name: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", }, { name: "34879", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/34879/", }, { name: "https://access.redhat.com/articles/1200223", refsource: "CONFIRM", url: "https://access.redhat.com/articles/1200223", }, { name: "62343", refsource: "SECUNIA", url: "http://secunia.com/advisories/62343", }, { name: "61565", refsource: "SECUNIA", url: "http://secunia.com/advisories/61565", }, { name: "https://www.suse.com/support/shellshock/", refsource: 
"CONFIRM", url: "https://www.suse.com/support/shellshock/", }, { name: "HPSBST03157", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141450491804793&w=2", }, { name: "61313", refsource: "SECUNIA", url: "http://secunia.com/advisories/61313", }, { name: "SSRT101742", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142358026505815&w=2", }, { name: "61873", refsource: "SECUNIA", url: "http://secunia.com/advisories/61873", }, { name: "61485", refsource: "SECUNIA", url: "http://secunia.com/advisories/61485", }, { name: "60947", refsource: "SECUNIA", url: "http://secunia.com/advisories/60947", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", }, { name: "https://support.apple.com/kb/HT6535", refsource: "CONFIRM", url: "https://support.apple.com/kb/HT6535", }, { name: "HPSBST03154", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577297623641&w=2", }, { name: "HPSBST03265", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", }, { name: "HPSBGN03142", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383244821813&w=2", }, { name: "61312", refsource: "SECUNIA", url: "http://secunia.com/advisories/61312", }, { name: "60193", refsource: "SECUNIA", url: "http://secunia.com/advisories/60193", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1294.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1294.html", }, { name: "60063", refsource: "SECUNIA", url: "http://secunia.com/advisories/60063", }, { name: 
"http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html", }, { name: "60034", refsource: "SECUNIA", url: "http://secunia.com/advisories/60034", }, { name: "HPSBMU03133", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330425327438&w=2", }, { name: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", refsource: "MISC", url: "http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html", }, { name: "59907", refsource: "SECUNIA", url: "http://secunia.com/advisories/59907", }, { name: "58200", refsource: "SECUNIA", url: "http://secunia.com/advisories/58200", }, { name: "HPSBST03181", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141577241923505&w=2", }, { name: "61643", refsource: "SECUNIA", url: "http://secunia.com/advisories/61643", }, { name: "http://www.novell.com/support/kb/doc.php?id=7015721", refsource: "CONFIRM", url: "http://www.novell.com/support/kb/doc.php?id=7015721", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", }, { name: "61503", refsource: "SECUNIA", url: "http://secunia.com/advisories/61503", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", }, { name: "RHSA-2014:1354", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1354.html", }, { name: "40938", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40938/", }, { name: "HPSBGN03117", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141216207813411&w=2", }, { name: "http://support.novell.com/security/cve/CVE-2014-6271.html", refsource: "CONFIRM", url: "http://support.novell.com/security/cve/CVE-2014-6271.html", }, { name: 
"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", }, { name: "61547", refsource: "SECUNIA", url: "http://secunia.com/advisories/61547", }, { name: "HPSBHF03145", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2", }, { name: "http://www.qnap.com/i/en/support/con_show.php?cid=61", refsource: "CONFIRM", url: "http://www.qnap.com/i/en/support/con_show.php?cid=61", }, { name: "HPSBST03148", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141694386919794&w=2", }, { name: "61552", refsource: "SECUNIA", url: "http://secunia.com/advisories/61552", }, { name: "61780", refsource: "SECUNIA", url: "http://secunia.com/advisories/61780", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", }, { name: "https://support.citrix.com/article/CTX200223", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200223", }, { name: "DSA-3032", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-3032", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686447", }, { name: "62228", refsource: "SECUNIA", url: "http://secunia.com/advisories/62228", }, { name: "HPSBGN03138", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141330468527613&w=2", }, { name: "61855", refsource: "SECUNIA", url: "http://secunia.com/advisories/61855", }, { name: "HPSBHF03124", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141235957116749&w=2", }, { name: "60044", refsource: "SECUNIA", url: "http://secunia.com/advisories/60044", }, { name: "61291", refsource: "SECUNIA", url: "http://secunia.com/advisories/61291", }, { name: "RHSA-2014:1294", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1294.html", }, { name: "HPSBHF03125", 
refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141345648114150&w=2", }, { name: "59737", refsource: "SECUNIA", url: "http://secunia.com/advisories/59737", }, { name: "61287", refsource: "SECUNIA", url: "http://secunia.com/advisories/61287", }, { name: "HPSBHF03146", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383353622268&w=2", }, { name: "HPSBGN03233", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1141597", }, { name: "SSRT101739", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142118135300698&w=2", }, { name: "61711", refsource: "SECUNIA", url: "http://secunia.com/advisories/61711", }, { name: "HPSBOV03228", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142113462216480&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", }, { name: "HPSBGN03141", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141383304022067&w=2", }, { name: "http://advisories.mageia.org/MGASA-2014-0388.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0388.html", }, { name: "61128", refsource: "SECUNIA", url: "http://secunia.com/advisories/61128", }, { name: "https://support.citrix.com/article/CTX200217", refsource: "CONFIRM", url: "https://support.citrix.com/article/CTX200217", }, { name: "61471", refsource: "SECUNIA", url: "http://secunia.com/advisories/61471", }, { name: "60055", refsource: "SECUNIA", url: "http://secunia.com/advisories/60055", }, { name: "20140926 GNU Bash Environmental Variable Command Injection Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash", }, { name: "61550", refsource: "SECUNIA", url: "http://secunia.com/advisories/61550", }, { name: "61633", 
refsource: "SECUNIA", url: "http://secunia.com/advisories/61633", }, { name: "http://linux.oracle.com/errata/ELSA-2014-1293.html", refsource: "CONFIRM", url: "http://linux.oracle.com/errata/ELSA-2014-1293.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", }, { name: "https://kb.bluecoat.com/index?page=content&id=SA82", refsource: "CONFIRM", url: "https://kb.bluecoat.com/index?page=content&id=SA82", }, { name: "61328", refsource: "SECUNIA", url: "http://secunia.com/advisories/61328", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", }, { name: "42938", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/42938/", }, { name: "61129", refsource: "SECUNIA", url: "http://secunia.com/advisories/61129", }, { name: "61700", refsource: "SECUNIA", url: "http://secunia.com/advisories/61700", }, { name: "61603", refsource: "SECUNIA", url: "http://secunia.com/advisories/61603", }, { name: "61857", refsource: "SECUNIA", url: "http://secunia.com/advisories/61857", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", }, { name: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html", }, { name: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", refsource: "MISC", url: "https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2014-6271", 
datePublished: "2014-09-24T18:00:00.000Z", dateReserved: "2014-09-09T00:00:00.000Z", dateUpdated: "2025-02-07T13:47:31.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }